
Re: suid



On Sat, 17 Apr 2004 at 08:28:03AM -0400, Mario Ohnewald wrote:
> On Saturday 17 April 2004 01:33, Bernd Eckenfels wrote:
> > In article <1877275296.20040417002119@lists.debian.org> you wrote:
> > > -rwsr-xr-x    1 root     root        22460 Oct  1  2001 /usr/bin/crontab
> > >
> > > yes, because only in this condition normal user can set crontab rules.
> >
> > this depends on the cron used. The cron in question needs to restrict the
> > access to the spool directory because it is shared. One could change the
> > owner of the crontab file, but then it is hard to atomically replace the
> > file without write access to the spool dir. The best solution is to have
> > the crontab in a user owned directory.
> 
> That sounds good!

IMHO, this would be bad.  The Cron Daemon would have to sanitize the
input of the crontab each time it checks the file for running
(presumably every minute, unless there is a way of notifying the cron
daemon of a new crontab.)

The default crontab in debian creates a file in /tmp, the user modifies
it using their favorite editor, saves it, crontab then performs a sanity
check on it.  If all is good it copies the file into the crontab
directory and notifies the daemon of the new crontab.

I think the current system works well...

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
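
The validate-then-install flow discussed in this thread (sanity-check the edited copy, then replace the spool file atomically), as an added example that is not part of the original message and is not Debian's crontab code. The function names are hypothetical, the syntax check is a simplified assumption (numeric time fields only, no value-range checks, no `@reboot`-style shortcuts), and notifying the daemon is left out.

```python
import os
import re
import tempfile

# One time field: "*", numbers, ranges, lists and steps (names like "mon" omitted).
FIELD = re.compile(r'^(\*|\d+(-\d+)?)(/\d+)?(,(\*|\d+(-\d+)?)(/\d+)?)*$')
# Environment assignment line such as MAILTO=root.
ENV = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*\s*=')


def check_crontab(text):
    """Return a list of (line_number, reason) for lines failing the simplified check."""
    errors = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith('#') or ENV.match(s):
            continue
        parts = s.split(None, 5)
        if len(parts) < 6:
            errors.append((n, 'need five time fields and a command'))
        elif not all(FIELD.match(p) for p in parts[:5]):
            errors.append((n, 'bad time field'))
    return errors


def install_crontab(text, spool_dir, user):
    """Validate, then atomically replace spool_dir/user. Returns the error list."""
    errors = check_crontab(text)
    if errors:
        return errors  # the existing crontab is left untouched
    # The temp file must live in the spool dir so the rename stays on one
    # filesystem; this is why the installer needs write access to that dir.
    fd, tmp = tempfile.mkstemp(dir=spool_dir, prefix='tmp.')
    try:
        with os.fdopen(fd, 'w') as f:
            f.write(text)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, os.path.join(spool_dir, user))  # atomic on POSIX
    except BaseException:
        os.unlink(tmp)
        raise
    return []
```

Because validation happens once at install time and the rename is atomic, the daemon only ever reads a complete file that has already passed the check.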


