From owner-freebsd-hackers Wed Jan 17 17:43:27 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from mmap.nyct.net (mmap.nyct.net [216.44.109.243]) by hub.freebsd.org (Postfix) with ESMTP id 0813337B400 for ; Wed, 17 Jan 2001 17:43:11 -0800 (PST) Received: by mmap.nyct.net (Postfix, from userid 1000) id 36B6BFAB0; Wed, 17 Jan 2001 20:43:00 -0500 (EST) Date: Wed, 17 Jan 2001 20:43:00 -0500 To: void Cc: David Malone , Peter Pentchev , hackers@FreeBSD.org Subject: Re: Permissions on crontab.. Message-ID: <20010117204300.A32417@mmap.nyct.net> References: <20010117123740.Q364@ringworld.oblivion.bg> <200101171045.aa30069@salmon.maths.tcd.ie> <20010118010735.A21964@firedrake.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010118010735.A21964@firedrake.org>; from float@firedrake.org on Thu, Jan 18, 2001 at 01:07:35AM +0000 From: mbac@mmap.nyct.net (Michael Bacarella) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Jan 18, 2001 at 01:07:35AM +0000, void wrote: > > True - but I'd say it provides a false sense of security, which > > might be more damaging than the extra security provided against > > read-only exploits in crontab. > > That's silly. Group tty can be leveraged to provide more privilege, > but that doesn't mean write(1) should be setuid root, or that having > write(1) setgid tty provides a false sense of security. > > I think that the proposed change would be a good idea, and that it's > consistent with write(1) and other uses of setgid. Ideally, crontab wouldn't be suid/gid _anything_ and users own their own crontab file, but perhaps I've said too much. :) -- Michael Bacarella Technical Staff / New York Connect.Net, Ltd Daytime Phone: (212) 581-2831 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message