Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Jul 2002 11:52:19 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Kim Okasawa <kimokasawa@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Any security issues with root's cron job?
Message-ID:  <20020703085219.GC384@straylight.oblivion.bg>
In-Reply-To: <F196dVHga3btg7dw7p70000552e@hotmail.com>
References:  <F196dVHga3btg7dw7p70000552e@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--WYTEVAkct0FjGQmd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 03, 2002 at 09:59:15AM +0900, Kim Okasawa wrote:
>=20
> Dear all,
>=20
> I want to set up a crob job to run a script (Perl or shell).  The script=
=20
> will be read/write/exec by root only (i.e. 700 or -rwx------).  It will r=
un=20
> /sbin/ipfw periodically to change rules according to need.
>=20
> Can anyone think of any potential security risks to such practice?  Any=
=20
> suggestions and comments are greatly appreciated.  Thank you!

I can see no problem with that as far as you described it; any potential
problems would crawl out of the 'according to need' part.  You'd better
be damn sure that no one but specially-authorized-sysadmin-processes can
indicate 'need'.

Other than that, no, there is no problem with root cron jobs per se, as
long as you are careful :)

G'luck,
Peter

--=20
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence no verb.

--WYTEVAkct0FjGQmd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9IrtD7Ri2jRYZRVMRAscIAKDEP+67h/qtHSYkTfgq1uZKrjXBvwCgiYey
P7Khp20hbpWY2FVO1ppjPX4=
=zeFj
-----END PGP SIGNATURE-----

--WYTEVAkct0FjGQmd--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020703085219.GC384>