Date: Mon, 20 Apr 1998 12:39:34 -0600 (MDT)
From: Marc Slemko
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
In-Reply-To: <199804201755.NAA13930@brain.zeus.leitch.com>

On Mon, 20 Apr 1998, Greg A. Woods wrote:

> [ On Sun, April 19, 1998 at 19:18:54 (-0500), Karl Denninger wrote: ]
> > Subject: Re: suid/sgid programs
> >
> > > > Same with crontab, at and batch. *CRON* needs to run as root, but crontab
> > > > and friends DO NOT. They need to be SUID to something, but again, not root.
> > >
> > > But if someone can break the uid that crontab runs as, they have root
> > > anyway.
> >
> > Not necessarily. There are ways around that problem.
>
> I, for one, am all ears! The only tricks I can think of are those that
> would work solely by obscurity, which with open source make them of
> little real value. Other tricks, such as using some fancy IPC between
> crontab(1) and cron(8) may actually decrease security because they spread
> the responsibility for authentication and authorization over more code.
> Crontab(1) as-is can be programmed very simply and quite securely so
> long, and regardless of what UID it runs as to drop files into the
> queuing area, if that UID is cracked then root is as good as gone too,
> so one may as well just make crontab(1) set-UID root.

If you require that the crontab file be owned by the user whose crontab it
is you can probably do something. Then crontab just has to flip to the
real uid from the euid that it is setuid to. You may need to pop a setgid
in there instead to allow permission for crontab to create files with the
right owner.

It isn't as simple as this, however, since you now open the crontab file
to "outside" editing by the user. In an ideal world it wouldn't matter,
however it needs to be checked.
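
Editor's added example (not part of the message above and not code from FreeBSD's cron): one set of checks a root-run cron could apply before parsing a crontab file that is owned, and so editable, by the user. The function name, the status codes and the choice of checks are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical status codes: why a crontab file was refused. */
enum tab_status { TAB_OK = 0, TAB_OPEN_FAILED, TAB_NOT_REGULAR,
                  TAB_WRONG_OWNER, TAB_WRITABLE_BY_OTHERS, TAB_HARD_LINKED };

/* Hypothetical helper. On TAB_OK, *fd_out is a descriptor for the file that
 * was checked; the caller parses from it and never reopens the path. */
enum tab_status open_user_crontab(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    enum tab_status rc = TAB_OK;
    /* O_NOFOLLOW: refuse a symlink planted in place of the file.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    *fd_out = -1;
    if (fd < 0)
        return TAB_OPEN_FAILED;

    /* fstat the descriptor, not the path, so the checks and the later read
     * refer to the same inode even if the name is swapped afterwards. */
    if (fstat(fd, &st) < 0)
        rc = TAB_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = TAB_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = TAB_WRONG_OWNER;         /* jobs run as `owner`: only they may own it */
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        rc = TAB_WRITABLE_BY_OTHERS;  /* someone else could have edited it */
    else if (st.st_nlink != 1)
        rc = TAB_HARD_LINKED;         /* inode reachable under another name */

    if (rc != TAB_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return TAB_OK;
}
```

These checks cover only the file's metadata; the contents a user has edited directly still have to go through the same parsing and validation cron applies to any crontab.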