Subject: Re: cron (was Re: BSD auth for NetBSD)
To: Steven M. Bellovin <>
From: Ted Unangst <>
List: tech-security
Date: 09/14/2003 19:42:01
On Sat, 13 Sep 2003, Steven M. Bellovin wrote:

> >Has there been any discussion on getting rid of setuid root and just using
> >setgid of cron-specific group? (And making the cron tabs directory
> >writable by that group.)
> >
> That's a distinction without a difference, since a subverted crontab 
> could rewrite root's file, which would be executed as root by crond.

How does a subverted setgid crontab write to
-rw-------  1 root  crontab  918 Aug 18  2002 root
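
The permission question in this exchange, worked through as an added example (editor's code, not from the thread or from any cron implementation). It goes beyond the quoted file line to the group-writable spool directory mentioned in the quoted proposal; both directory lines and the user name `alice` are constructed assumptions.

```python
# Constructed sample data: the file line is the one quoted in the message; the two
# directory lines are assumed, since the thread does not show the directory mode.
ROOT_TAB = "-rw-------  1 root  crontab  918 Aug 18  2002 root"
DIR_PLAIN = "drwxrwx---  2 root  crontab  512 Aug 18  2002 tabs"   # assumed
DIR_STICKY = "drwxrwx--T  2 root  crontab  512 Aug 18  2002 tabs"  # assumed


def parse_ls(line):
    """Return (mode string, owner, group) from one `ls -l` line."""
    fields = line.split()
    return fields[0], fields[2], fields[3]


def triad(line, user, groups):
    """Select the single permission class Unix applies: owner, else group, else other."""
    mode, owner, group = parse_ls(line)
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def can_write(file_line, user, groups):
    """Can this identity open the file for writing? uid 0 bypasses the mode bits."""
    return user == "root" or triad(file_line, user, groups)[1] == "w"


def can_replace_entry(dir_line, file_line, user, groups):
    """Can this identity unlink or rename over the file's directory entry?"""
    # Needs write and search permission on the directory, not on the file itself.
    if user == "root":
        return True
    bits = triad(dir_line, user, groups)
    if bits[1] != "w" or bits[2] not in "xst":
        return False
    dir_mode, dir_owner, _ = parse_ls(dir_line)
    _, file_owner, _ = parse_ls(file_line)
    if dir_mode[9] in "tT":  # sticky bit: only file owner or directory owner
        return user in (file_owner, dir_owner)
    return True


if __name__ == "__main__":
    ident = ("alice", {"crontab"})  # hypothetical user; effective gid is crontab
    print("write root's tab:", can_write(ROOT_TAB, *ident))
    print("replace entry, plain dir:", can_replace_entry(DIR_PLAIN, ROOT_TAB, *ident))
    print("replace entry, sticky dir:", can_replace_entry(DIR_STICKY, ROOT_TAB, *ident))
```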

