[BBLISA] limiting cron's capability?
Daniel Hagerty
hag at linnaean.org
Wed Jan 23 16:29:18 EST 2008
"John Stoffel" <john at stoffel.org> writes:
> Scott> Is it possible to prevent cron from executing something in a
> Scott> world-readable directory, or a directory branching off a
> Scott> world-readable directory?
>
> Umm... not that I know of. How would you expect cron to know this?
> All it has is a list of times and commands to run. Now this list is
> stored in a directory/file which should be locked down pretty well.
There's nothing in what Scott asks that's any more difficult than
a simple matter of programming. Cron has all of the information it
needs to produce an answer to the question, since it has to find the
executable to execute it. From there, it's just stat, check S_IWOTH,
and if that's OK, repeat the process one directory lower until you've
reached the root.
More information about the bblisa
mailing list