Subject: Re: cron (was Re: BSD auth for NetBSD)
To: Steven M. Bellovin <smb@research.att.com>
From: Ted Unangst <tedu@zeitbombe.org>
List: tech-userlevel
Date: 09/14/2003 19:42:01

On Sat, 13 Sep 2003, Steven M. Bellovin wrote:
> >Has there been any discussion on getting rid of setuid root and just using
> >setgid of cron-specific group? (And making the cron tabs directory
> >writable by that group.)
> >
>
> That's a distinction without a difference, since a subverted crontab
> could rewrite root's file, which would be executed as root by crond.

how does a subverted setgid crontab write to
-rw------- 1 root crontab 918 Aug 18 2002 root
?
--
we used to hate people
now we just make fun of them
it's more effective that way
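
Added example, not part of the original message: a small model of the POSIX permission-class check applied to the `ls` line quoted above, extended to the directory-entry check that matters when the spool directory is made group-writable as the quoted proposal suggests. The numeric uid/gid values and both directory mode strings are constructed for illustration.

```python
import stat

def parse_ls_mode(s):
    """Convert an ls-style mode string such as '-rw-------' to mode bits."""
    bits = 0
    for i, ch in enumerate(s[1:10]):
        if ch in "rwxst":            # lowercase s/t imply the execute bit too
            bits |= 1 << (8 - i)
    if s[3] in "sS":
        bits |= stat.S_ISUID
    if s[6] in "sS":
        bits |= stat.S_ISGID
    if s[9] in "tT":
        bits |= stat.S_ISVTX
    return bits

def class_bits(mode, uid, gid, euid, egids):
    """Exactly one class applies: owner, else group, else other."""
    if euid == uid:
        return (mode >> 6) & 7
    if gid in egids:
        return (mode >> 3) & 7
    return mode & 7

def may_write_file(mode, uid, gid, euid, egids):
    """True if the process may open the existing file for writing."""
    return euid == 0 or bool(class_bits(mode, uid, gid, euid, egids) & 2)

def may_replace_entry(dmode, duid, dgid, fuid, euid, egids):
    """True if the process may unlink or rename an entry in the directory."""
    if euid == 0:
        return True
    if class_bits(dmode, duid, dgid, euid, egids) & 3 != 3:
        return False                 # needs write and search on the directory
    if dmode & stat.S_ISVTX:         # sticky: only file or directory owner
        return euid in (fuid, duid)
    return True

ROOT, CRONTAB_GID, USER = 0, 66, 1000   # constructed ids
TAB_MODE = parse_ls_mode("-rw-------")  # mode from the ls line in the message
DIR_PLAIN = parse_ls_mode("drwxrwx---")   # constructed: group-writable spool
DIR_STICKY = parse_ls_mode("drwxrwx--T")  # constructed: same, with sticky bit

if __name__ == "__main__":
    egids = {CRONTAB_GID}            # setgid crontab run by an ordinary user
    print("write root's tab:", may_write_file(TAB_MODE, ROOT, CRONTAB_GID, USER, egids))
    print("replace entry, plain dir:", may_replace_entry(DIR_PLAIN, ROOT, CRONTAB_GID, ROOT, USER, egids))
    print("replace entry, sticky dir:", may_replace_entry(DIR_STICKY, ROOT, CRONTAB_GID, ROOT, USER, egids))
```

When auditing a setgid spool layout, check the directory mode as well as the per-file mode, since the two checks answer different questions.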