Date: Wed, 11 Aug 2004 00:13:05 +0800 From: Xin LI <delphij@frontfree.net> To: freebsd-security@FreeBSD.org Subject: [PATCH] Tighten /etc/crontab permissions Message-ID: <20040810161305.GA161@frontfree.net>
next in thread | raw e-mail | index | archive | help
--XF85m9dhOBO43t/C Content-Type: multipart/mixed; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi folks, While investigating OpenBSD's cron implementation, I found that they set the systemwide crontab (a.k.a. /etc/crontab) to be readable by the superuser only. The attached patch will bring this to FreeBSD by moving crontab out from BIN1 group and install it along with master.passwd. This change should not affect the current cron(1) behavior. Cheers, --=20 Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information. --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-etc-Makefile Content-Transfer-Encoding: quoted-printable Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/fcvs/src/etc/Makefile,v retrieving revision 1.327 diff -u -r1.327 Makefile --- Makefile 23 Mar 2004 22:17:34 -0000 1.327 +++ Makefile 10 Aug 2004 06:03:59 -0000 @@ -6,7 +6,7 @@ .endif =20 BIN1=3D amd.map apmd.conf auth.conf \ - crontab csh.cshrc csh.login csh.logout devd.conf devfs.conf \ + csh.cshrc csh.login csh.logout devd.conf devfs.conf \ dhclient.conf disktab fbtab ftpusers gettytab group \ hosts hosts.allow hosts.equiv hosts.lpd \ inetd.conf login.access login.conf \ @@ -73,7 +73,7 @@ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 755 \ ${BIN2} ${DESTDIR}/etc; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - master.passwd nsmb.conf opieaccess ${DESTDIR}/etc; \ + crontab master.passwd nsmb.conf opieaccess ${DESTDIR}/etc; \ pwd_mkdb -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd cd ${.CURDIR}/bluetooth; ${MAKE} install cd ${.CURDIR}/defaults; ${MAKE} install --CE+1k2dSO48ffgeK-- --XF85m9dhOBO43t/C Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBGPQROfuToMruuMARAoTqAJkBHDBzhA/syFnozOSSVguF6rDAEACffdM1 dKvIfI0ua19FCrBFg41KksM= =uVB3 -----END PGP SIGNATURE----- --XF85m9dhOBO43t/C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040810161305.GA161>