Re: suid

To: debian-security@lists.debian.org
Subject: Re: suid
From: Mario Ohnewald <mario.ohnewald@gmx.de>
Date: Sat, 17 Apr 2004 13:28:03 +0100
Message-id: <[🔎] 200404171328.03150.mario.ohnewald@gmx.de>
In-reply-to: <[🔎] E1BEdm7-0007w8-00@calista.eckenfels.6bone.ka-ip.net>
References: <[🔎] E1BEdm7-0007w8-00@calista.eckenfels.6bone.ka-ip.net>

On Saturday 17 April 2004 01:33, Bernd Eckenfels wrote:
> In article <[🔎] 1877275296.20040417002119@lists.debian.org> you wrote:
> > -rwsr-xr-x    1 root     root        22460 Oct  1  2001 /usr/bin/crontab
> >
> > yes, because only in this condition normal user can set crontab rules.
>
> this deends on the cron used. The cron in qustion needs to restrict the
> access to the spool directory because it is shared. One could change the
> owner of the crontab file, but then it is hard to atomically replace the
> file without write access to the spool dir. The best solution is to have
> the crontab in a user owned directory.

That sounds good!

>
> It is not a good idea to change this without having a close look at the
> cron code in question. It might be much better to use another cron flavor.

What are the secure alternatives?


Thanks, Mario

Reply to:

Follow-Ups:
- Re: suid
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

References:
- Re: suid
  - From: Bernd Eckenfels <ecki@lina.inka.de>

Prev by Date: Virus in: Re: Your archive
Next by Date: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Previous by thread: Re: suid
Next by thread: Re: suid
Index(es):
- Date
- Thread