Date: Thu, 13 Apr 1995 10:52:51 -0600
From: Nate Williams <nate@trout.sri.MT.net>
To: Mike Pritchard <pritc003@maroon.tc.umn.edu>, ache@astral.msk.su (Andrey A. Chernov, Black Mage)
Cc: freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/cron/cron do_command.c
Message-ID: <199504131652.KAA26380@trout.sri.MT.net>
In-Reply-To: Mike Pritchard <pritc003@maroon.tc.umn.edu> "Re: cvs commit: src/usr.sbin/cron/cron do_command.c" (Apr 13, 11:31am)

> > >I still think that the best way to fix this problem is to require that
> > >the user name that cron intends to send mail to points to a valid login
> > >name (which my fix does).
> >
> > Your fix breaks MAILTO handling according to cron manpage.
>
> How?  The cron man page states:
> ...
>      current minute.  When executing commands, any output is
>      mailed to the owner of the crontab (or to the user named
>      in the MAILTO environment variable in the crontab, if such
>      exists).
>
> It doesn't sound like cron is saying that it allows anything other
> than a valid user name in the MAILTO variable.  It doesn't say anything
> about mailing to a mail address, just to a user.  If you need the mail
> to go somewhere else, either set up an account that cron can mail to
> that you can forward in /etc/aliases, or if you are a normal user, use
> one of the mail filtering programs to do it for you.  Cron shouldn't
> have to worry about anything other than delivering mail back to a
> valid local user.

I don't understand the problem completely, but I agree with Mike.  You
shouldn't be allowed to set MAILTO to anything but a local username.
Nothing more, nothing less.  If you need more flexibility then cron
isn't the program to provide it to you.

Any unnecessary flexibility provided in setuid/setgid programs almost
always creates security bugs.

Nate
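
The check discussed in this message, written out as an added example (it is not part of the original e-mail and is not the code from do_command.c). The function name mailto_is_local_user, the 32-character limit and the allowed character set are assumptions made for illustration; the sample values are constructed.

```c
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGIN_LEN 32    /* assumed limit for this example */

/* Return 1 if `name` is acceptable as a MAILTO value under the policy
 * argued for above: a plain local login name and nothing else. */
int mailto_is_local_user(const char *name)
{
    size_t len, i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_LOGIN_LEN)
        return 0;

    /* Conservative character set (an assumption of this example): the
     * first character is a letter or '_', the rest are letters, digits,
     * '_', '-' or '.'.  Mail addresses and whitespace never pass. */
    if (!isalpha((unsigned char)name[0]) && name[0] != '_')
        return 0;
    for (i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return 0;
    }

    /* The name must also resolve to an account in the passwd database. */
    return getpwnam(name) != NULL;
}

int main(void)
{
    /* Constructed sample MAILTO values. */
    const char *samples[] = { "root", "user@example.com", "", "two words", "-x" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %s\n", samples[i],
               mailto_is_local_user(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Under this policy a crontab whose MAILTO fails the check would fall back to mailing the crontab owner, and forwarding elsewhere is left to /etc/aliases or the user's own mail filter, as the quoted text suggests.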