From owner-freebsd-bugs Sat Jun 16 16:10:15 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E6DFA37B405 for ; Sat, 16 Jun 2001 16:10:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.3/8.11.3) id f5GNA3O94054; Sat, 16 Jun 2001 16:10:03 -0700 (PDT) (envelope-from gnats) Date: Sat, 16 Jun 2001 16:10:03 -0700 (PDT) Message-Id: <200106162310.f5GNA3O94054@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Brad Huntting Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) Reply-To: Brad Huntting Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR misc/28188; it has been noted by GNATS. From: Brad Huntting To: "Crist Clark" Cc: Dima Dorfman , Brad Huntting , freebsd-gnats-submit@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) Date: Sat, 16 Jun 2001 17:06:33 -0600 > But you are right of course, the most secure way to go is raise > securelevel as early as possible in the boot sequence (although > off of the top of my head, I can't think of anything besides cron(8) > that would run non-"trusted" code).[...] Sendmail (runs programs specified in .forward files), inetd (ftp, telnet, etc) sshd (user shells), httpd (cgi-bin's).... Cron's @reboot is just the easiest one to exploit. brad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message