Date: Tue, 10 Aug 2004 13:17:14 -0700 (PDT) From: Jason Stone <freebsd-security@dfmm.org> To: "freebsd-security@FreeBSD.org" <freebsd-security@FreeBSD.org> Subject: Re: [PATCH] Tighten /etc/crontab permissions Message-ID: <20040810130428.L19702@walter> In-Reply-To: <20040810181039.GA3189@frontfree.net> References: <20040810161305.GA161@frontfree.net> <20040810095953.H1984@qbhto.arg> <20040810181039.GA3189@frontfree.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > What do you think about the benefit for users being able to see the > system crontab? I think knowing what would be executed under others' > identity is (at least) not always a good thing, especially the users we > generally don't fully trust... so do you also suggest that we default to setting the sysctl variables that prevent users from seeing each others processes with ps(1)? because to me, if you want to be hard core, that seems like a much more obvious place to start - who cares that I can read crontab if I can run ps and see _all_ the other processes on the system, not just the ones in cron. the default install has to strike the right balance of security out of the box and usability out of the box, and it's sometimes unclear what are the right choices. but even if you want to err on the side of security, you still have to think about things logically, and think of what exactly you're protecting and from whom. if users shouldn't be able to see each others' processes, then you should address that from a more systemic level and not just try to tack on little security annoyances. if you want to say that users shouldn't be able to see each other, then think about all the ways that users can see each other - reading each others' files, seeing each others' process with ps or in /proc, seeing what network ports other users have bound with sockstat or lsof - then decide which are the important things to lock down, which ones are easy and which ones are not worth it, and come up with a more comprehensive approach. I wouldn't object to a general, high-level security option to prevent users from seeing each other, but only changing the permissions on crontab doesn't buy you any real security, it just creates annoyances. -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQFBGS1MswXMWWtptckRAl9WAJ9Ta51dessY0ys9ResdCrQ0r5MdAgCfZKpM VXG3QzBfa5AxtoN4KybrbWs= =GmfW -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040810130428.L19702>