Date: Mon, 11 Dec 2000 01:35:51 -0500 From: Chris Richards <richards+bsd@CS.Princeton.EDU> To: Robert Watson <rwatson@FreeBSD.org> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc crontab Message-ID: <20001211013551.A30301@ethel.williams.edu> In-Reply-To: <Pine.NEB.3.96L.1001210142216.24257C-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Sun, Dec 10, 2000 at 02:26:05PM -0500 References: <200012101856.NAA30441@khavrinen.lcs.mit.edu> <Pine.NEB.3.96L.1001210142216.24257C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 10, 2000 at 02:26:05PM -0500, Robert Watson wrote: > > > As such, any random process running as any random user can acquire > > > the lock and stack up all your periodic scripts, > > > > If and only if they are allowed to open the file in the first place. > > This is correct. However, this does not apply to the periodic binary, > directories, or most base system files, unfortunately. Maybe we need a > /var/run/locks with appropriate turnstile files with appropriate modes > set. I don't understand what you mean to say here. What's to prevent the creation of a /var/run/periodic.lock, for example, with mode 600? Then periodic, running as root, will be able to aquire the advisory lock on this file, and ordinary users won't. The possibility of a DoS is thus eliminated. Am I missing something obvious? In the quoted material above, you seem to be suggesting that it is insecure to use most base system files as lock files. True -- but what would be the point in doing so? -chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001211013551.A30301>