Date: Sat, 16 Jun 2001 17:06:33 -0600 From: Brad Huntting <huntting@glarp.com> To: "Crist Clark" <crist.clark@globalstar.com> Cc: Dima Dorfman <dima@unixfreak.org>, Brad Huntting <huntting@glarp.com>, freebsd-gnats-submit@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) Message-ID: <200106162306.f5GN6Xx45201@hunkular.glarp.com> In-Reply-To: Your message of "Sat, 16 Jun 2001 14:34:13 PDT." <3B2BD0D5.1DBC1B38@globalstar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> But you are right of course, the most secure way to go is raise > securelevel as early as possible in the boot sequence (although > off of the top of my head, I can't think of anything besides cron(8) > that would run non-"trusted" code).[...] Sendmail (runs programs specified in .forward files), inetd (ftp, telnet, etc) sshd (user shells), httpd (cgi-bin's).... Cron's @reboot is just the easiest one to exploit. brad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106162306.f5GN6Xx45201>