On Sat, 13 Sep 2003, Steven M. Bellovin wrote:

> >Has there been any discussion on getting rid of setuid root and just using
> >setgid of cron-specific group? (And making the cron tabs directory
> >writable by that group.)
> >
> 
> That's a distinction without a difference, since a subverted crontab 
> could rewrite root's file, which would be executed as root by crond.

how does a subverted setgid crontab write to
-rw-------  1 root  crontab  918 Aug 18  2002 root
?


-- 
we used to hate people
now we just make fun of them
it's more effective that way