Date: Thu, 18 Jan 2001 09:42:36 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Michael Bacarella <mbac@mmap.nyct.net> Cc: void <float@firedrake.org>, David Malone <dwmalone@maths.tcd.ie>, Peter Pentchev <roam@orbitel.bg>, hackers@FreeBSD.org Subject: Re: Permissions on crontab.. Message-ID: <20010118094236.A7426@rapier.smartspace.co.za> In-Reply-To: <20010117204300.A32417@mmap.nyct.net>; from mbac@mmap.nyct.net on Wed, Jan 17, 2001 at 08:43:00PM -0500 References: <20010117123740.Q364@ringworld.oblivion.bg> <200101171045.aa30069@salmon.maths.tcd.ie> <20010118010735.A21964@firedrake.org> <20010117204300.A32417@mmap.nyct.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed 2001-01-17 (20:43), Michael Bacarella wrote: > On Thu, Jan 18, 2001 at 01:07:35AM +0000, void wrote: > > > > True - but I'd say it provides a false sense of security, which > > > might be more damaging than the extra security provided against > > > read-only exploits in crontab. > > > > That's silly. Group tty can be leveraged to provide more privilege, > > but that doesn't mean write(1) should be setuid root, or that having > > write(1) setgid tty provides a false sense of security. > > > > I think that the proposed change would be a good idea, and that it's > > consistent with write(1) and other uses of setgid. > > Ideally, crontab wouldn't be suid/gid _anything_ and users own their > own crontab file, but perhaps I've said too much. :) They do own their own crontab file. The setgid is for adjusting the modification time on the crontab directory, to signal to cron that there has been a change. Neil -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010118094236.A7426>