[plug] Crontab??

Bernd Felsche bernie at innovative.iinet.net.au
Tue Jul 27 21:30:28 WST 2004


On Tuesday 27 July 2004 20:25, James Devenish wrote:
> In message <d12e5c9040727051976ccf73f at mail.gmail.com>
>
> on Tue, Jul 27, 2004 at 08:19:56PM +0800, Senectus . wrote:
> > root at one-eye senectus # ls -ld /usr/bin/crontab
> > -rwsr-x---  1 root cron 24548 Apr 30 05:54 /usr/bin/crontab
>
> That's...interesting. Usually it's executable by everyone (this can be
> achieved by `chmod a+rx /usr/bin/crontab` as root). Not sure why Gentoo
> would disable crontab. The only other permissions scheme I recall is
> -r-xr-sr-x (as opposed to -rwsr-xr-x).

You'd better make sure that the security hole in crontab has been
plugged before exposing /usr/bin/crontab. There was an advisory some
time ago about a vulnerability... I've not seen a corresponding fix,
other than removal of "other" execute permissions from the command.

NB: Any member of the "cron" group can still run the command. It's
probably safer using that facility than giving carte-blanche access
in order to avoid opening the security hole too widely...

-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!
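The permission schemes compared in this thread can be checked mechanically. The following is an added example, not part of the original message: a hypothetical helper, `classify_ls_line`, that reads one line of `ls -ld` output and reports which set-id bits are present and who may execute the file. The first sample line is the listing quoted above; the owner and group shown for the other two modes are constructed.

```shell
#!/bin/sh
# Summarise one line of `ls -ld` output: which set-id bits the file carries
# and which permission class is allowed to execute it.
classify_ls_line() {
    # Fields: mode, link count, owner, group; the rest is ignored.
    read -r mode _links owner group _rest <<EOF
$1
EOF
    ux=$(printf '%s' "$mode" | cut -c4)    # owner execute slot
    gx=$(printf '%s' "$mode" | cut -c7)    # group execute slot
    ox=$(printf '%s' "$mode" | cut -c10)   # other execute slot

    priv=""
    case $ux in s|S) priv="setuid=$owner" ;; esac
    case $gx in s|S) priv="${priv:+$priv,}setgid=$group" ;; esac
    [ -n "$priv" ] || priv="no-setid"

    # Simplification: a set "other" execute bit is reported as "everyone";
    # the case where group members are denied by a missing group bit
    # is not modelled.
    case $ox in
        x|t) who="everyone" ;;
        *)  case $gx in
                x|s) who="group:$group" ;;
                *)  case $ux in
                        x|s) who="owner-only" ;;
                        *)   who="nobody" ;;
                    esac ;;
            esac ;;
    esac
    printf '%s run-by=%s\n' "$priv" "$who"
}

# The listing quoted in the thread: setuid root, limited to group cron.
classify_ls_line '-rwsr-x---  1 root cron 24548 Apr 30 05:54 /usr/bin/crontab'
# Constructed lines for the two other modes mentioned (owner/group assumed).
classify_ls_line '-rwsr-xr-x  1 root root 24548 Apr 30 05:54 /usr/bin/crontab'
classify_ls_line '-r-xr-sr-x  1 root cron 24548 Apr 30 05:54 /usr/bin/crontab'
```

On a live system the same function can be fed `"$(ls -ld /usr/bin/crontab)"`.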




