Date: Wed, 12 Apr 1995 07:24:41 +0400 From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> To: freebsd-hackers@FreeBSD.org, Mike Pritchard <pritc003@maroon.tc.umn.edu> Subject: Re: atrun fix Message-ID: <ZOvVqYl02C@astral.msk.su> In-Reply-To: <199504111500.KAA01076@mpp.com>; from Mike Pritchard at Tue, 11 Apr 1995 10:00:48 -0500 (CDT) References: <199504111500.KAA01076@mpp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199504111500.KAA01076@mpp.com> Mike Pritchard writes: >Here is a fix for the atrun security hole. When sending mail, atrun >will switch ids to that of the user running the at job. This will >prevent the user from spoofing sendmail any more than they could from a >login shell. I also fixed it so that it correctly sets up the users groups >before running the at job or sending mail to the user. It also now requires >that the user be present in the password file before allowing the >job to execute. I just commit different fix for all problems that you mention. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZOvVqYl02C>