Date: Wed, 3 Jul 2002 11:52:19 +0300 From: Peter Pentchev <roam@ringlet.net> To: Kim Okasawa <kimokasawa@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Any security issues with root's cron job? Message-ID: <20020703085219.GC384@straylight.oblivion.bg> In-Reply-To: <F196dVHga3btg7dw7p70000552e@hotmail.com> References: <F196dVHga3btg7dw7p70000552e@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Jul 03, 2002 at 09:59:15AM +0900, Kim Okasawa wrote: > > Dear all, > > I want to set up a crob job to run a script (Perl or shell). The script > will be read/write/exec by root only (i.e. 700 or -rwx------). It will run > /sbin/ipfw periodically to change rules according to need. > > Can anyone think of any potential security risks to such practice? Any > suggestions and comments are greatly appreciated. Thank you! I can see no problem with that as far as you described it; any potential problems would crawl out of the 'according to need' part. You'd better be damn sure that no one but specially-authorized-sysadmin-processes can indicate 'need'. Other than that, no, there is no problem with root cron jobs per se, as long as you are careful :) G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence no verb. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9IrtD7Ri2jRYZRVMRAscIAKDEP+67h/qtHSYkTfgq1uZKrjXBvwCgiYey P7Khp20hbpWY2FVO1ppjPX4= =zeFj -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020703085219.GC384>