From owner-freebsd-security@FreeBSD.ORG Tue Aug 10 18:10:49 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 155C816A4CE for ; Tue, 10 Aug 2004 18:10:49 +0000 (GMT) Received: from mail.freebsd.org.cn (dns3.freebsd.org.cn [61.129.66.75]) by mx1.FreeBSD.org (Postfix) with SMTP id 9E11743D1D for ; Tue, 10 Aug 2004 18:10:47 +0000 (GMT) (envelope-from delphij@frontfree.net) Received: (qmail 91509 invoked by uid 0); 10 Aug 2004 18:08:14 -0000 Received: from unknown (HELO beastie.frontfree.net) (219.239.98.7) by mail.freebsd.org.cn with SMTP; 10 Aug 2004 18:08:14 -0000 Received: from localhost (localhost.frontfree.net [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id AE698119DE; Wed, 11 Aug 2004 02:10:44 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01919-10; Wed, 11 Aug 2004 02:10:41 +0800 (CST) Received: by beastie.frontfree.net (Postfix, from userid 1001) id A5459119C2; Wed, 11 Aug 2004 02:10:39 +0800 (CST) Date: Wed, 11 Aug 2004 02:10:39 +0800 From: Xin LI To: Doug Barton Message-ID: <20040810181039.GA3189@frontfree.net> References: <20040810161305.GA161@frontfree.net> <20040810095953.H1984@qbhto.arg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3" Content-Disposition: inline In-Reply-To: <20040810095953.H1984@qbhto.arg> User-Agent: Mutt/1.4.2.1i X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0 X-GPG-Public-Key: http://www.delphij.net/delphij.asc X-Operating-System: FreeBSD beastie.frontfree.net 5.2-delphij FreeBSD 5.2-delphij #3: Fri Jul 30 20:01:43 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386 X-URL: http://www.delphij.net X-By: delphij@beastie.frontfree.net X-Location: Beijing, China X-Virus-Scanned: by amavisd-new at frontfree.net cc: "freebsd-security@FreeBSD.org" Subject: Re: [PATCH] Tighten /etc/crontab permissions X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2004 18:10:49 -0000 --BOKacYhQ+x31HxR3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, Doug On Tue, Aug 10, 2004 at 10:02:09AM -0700, Doug Barton wrote: >=20 > On Wed, 11 Aug 2004, Xin LI wrote: >=20 > >Hi folks, > > > >While investigating OpenBSD's cron implementation, I found that they set > >the systemwide crontab (a.k.a. /etc/crontab) to be readable by the > >superuser only. The attached patch will bring this to FreeBSD by moving > >crontab out from BIN1 group and install it along with master.passwd. >=20 > Do you have a reason for wanting to do this other than, "OpenBSD does it= =20 > this way?" I personally see no problems, and some benefit for users=20 > being able to see the system crontab. If the superuser needs to run=20 > "secret" cron jobs, then there is root's crontab that can be used for=20 > this purpose. >=20 > Can you elaborate on your thinking? Well... This seems much more than "OpenBSD does it" to me :-) On a system that all users plays good, it does not matter if other users can see the crontab. However, if it gets compromised, chances that a badly configured system, say, with some permissions badly granted, would give the intruder a better chance to get more privilege if [s]he can read the crontab, and I think this is one of the reasons why the per-user cronta= bs are kept in /var/cron and without granting users to see each others'. I'm not sure if this is a sort of abusing systemwide crontabs, but the administrators at my company have used them to run some tasks periodly under other identities (to limit these tasks' privilege), and it provided a somewhat "centralized" management so they would prefer to use systemwide crontab rather than per-user ones. What do you think about the benefit for users being able to see the system crontab? I think knowing what would be executed under others' identity is (at least) not always a good thing, especially the users we generally don't fully trust... Cheers, --=20 Xin LI http://www.delphij.net/ See complete headers for GPG key and other information. --BOKacYhQ+x31HxR3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBGQ+fOfuToMruuMARAtmyAJ4r2KexkN1yT//vP6rt1gcS4Q87FwCeMcI5 SABDh7+mgJn1GjKTBWLpz1g= =FQRX -----END PGP SIGNATURE----- --BOKacYhQ+x31HxR3--