From owner-freebsd-hackers  Wed Jan 17 23:42:59 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from rapier.smartspace.co.za (rapier.smartspace.co.za [66.8.25.34])
	by hub.freebsd.org (Postfix) with SMTP id 4DC9A37B400
	for <hackers@FreeBSD.org>; Wed, 17 Jan 2001 23:42:39 -0800 (PST)
Received: (qmail 7550 invoked by uid 1001); 18 Jan 2001 07:42:36 -0000
Date: Thu, 18 Jan 2001 09:42:36 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Michael Bacarella <mbac@mmap.nyct.net>
Cc: void <float@firedrake.org>, David Malone <dwmalone@maths.tcd.ie>,
	Peter Pentchev <roam@orbitel.bg>, hackers@FreeBSD.org
Subject: Re: Permissions on crontab..
Message-ID: <20010118094236.A7426@rapier.smartspace.co.za>
References: <20010117123740.Q364@ringworld.oblivion.bg> <200101171045.aa30069@salmon.maths.tcd.ie> <20010118010735.A21964@firedrake.org> <20010117204300.A32417@mmap.nyct.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010117204300.A32417@mmap.nyct.net>; from mbac@mmap.nyct.net on Wed, Jan 17, 2001 at 08:43:00PM -0500
Organization: Building Intelligence
X-Operating-System: FreeBSD 4.2-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed 2001-01-17 (20:43), Michael Bacarella wrote:
> On Thu, Jan 18, 2001 at 01:07:35AM +0000, void wrote:
> 
> > > True - but I'd say it provides a false sense of security, which
> > > might be more damaging than the extra security provided against
> > > read-only exploits in crontab.
> > 
> > That's silly.  Group tty can be leveraged to provide more privilege,
> > but that doesn't mean write(1) should be setuid root, or that having
> > write(1) setgid tty provides a false sense of security.
> > 
> > I think that the proposed change would be a good idea, and that it's
> > consistent with write(1) and other uses of setgid.
> 
> Ideally, crontab wouldn't be suid/gid _anything_ and users own their
> own crontab file, but perhaps I've said too much. :)

They do own their own crontab file.  The setgid is for adjusting the
modification time on the crontab directory, to signal to cron that there
has been a change.

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message