tech-security: Re: cron (was Re: BSD auth for NetBSD)

Subject: Re: cron (was Re: BSD auth for NetBSD)
To: None <tech-userlevel@NetBSD.ORG>
From: Todd C. Miller <Todd.Miller@courtesan.com>
List: tech-security
Date: 09/15/2003 13:09:39

In message <Pine.LNX.4.43.0309131918410.12784-100000@pilchuck.reedmedia.net>
	so spake "Jeremy C. Reed" (reed):

> These are easy fixes (and not related to any authentication as far as I
> know).
> 
> Has there been any discussion on getting rid of setuid root and just using
> setgid of cron-specific group? (And making the cron tabs directory
> writable by that group.)

FYI, the latest ISC cron code supports running setgid instead of setuid.
You probably need to ask Vixie for a current shar file since the ISC
web site doesn't have anything later than cron_4.0_b1.shar.  FWIW,
I've fed all the changes I've made to cron in OpenBSD back to Paul,
though what's in his tree doesn't contain the at/atrun stuff yet.

 - todd