Date: Tue, 10 Aug 2004 10:02:09 -0700 (PDT)
From: Doug Barton
To: Xin LI
cc: "freebsd-security@FreeBSD.org"
Subject: Re: [PATCH] Tighten /etc/crontab permissions
In-Reply-To: <20040810161305.GA161@frontfree.net>
Message-ID: <20040810095953.H1984@qbhto.arg>

On Wed, 11 Aug 2004, Xin LI wrote:

> Hi folks,
>
> While investigating OpenBSD's cron implementation, I found that they set
> the systemwide crontab (a.k.a. /etc/crontab) to be readable by the
> superuser only. The attached patch will bring this to FreeBSD by moving
> crontab out from BIN1 group and install it along with master.passwd.

Do you have a reason for wanting to do this other than, "OpenBSD does it this way?" I personally see no problems, and some benefit for users being able to see the system crontab. If the superuser needs to run "secret" cron jobs, then there is root's crontab that can be used for this purpose.

Can you elaborate on your thinking?

Doug

--
This .signature sanitized for your protection