Date: Thu, 18 Jan 2001 01:07:35 +0000 From: void <float@firedrake.org> To: David Malone <dwmalone@maths.tcd.ie> Cc: Peter Pentchev <roam@orbitel.bg>, mbac@mmap.nyct.net, hackers@FreeBSD.org Subject: Re: Permissions on crontab.. Message-ID: <20010118010735.A21964@firedrake.org> In-Reply-To: <200101171045.aa30069@salmon.maths.tcd.ie>; from dwmalone@maths.tcd.ie on Wed, Jan 17, 2001 at 10:45:57AM %2B0000 References: <20010117123740.Q364@ringworld.oblivion.bg> <200101171045.aa30069@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 17, 2001 at 10:45:57AM +0000, David Malone wrote: > > True - but I'd say it provides a false sense of security, which > might be more damaging than the extra security provided against > read-only exploits in crontab. That's silly. Group tty can be leveraged to provide more privilege, but that doesn't mean write(1) should be setuid root, or that having write(1) setgid tty provides a false sense of security. I think that the proposed change would be a good idea, and that it's consistent with write(1) and other uses of setgid. -- Ben 220 go.ahead.make.my.day ESMTP Postfix To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010118010735.A21964>