[BBLISA] limiting cron's capability?
Dean Anderson
dean at av8.com
Wed Jan 23 18:37:27 EST 2008
On Wed, 23 Jan 2008, John Stoffel wrote:
>
> Scott> Is it possible to prevent cron from executing something in a
> Scott> world-readable directory, or a directory branching off a
> Scott> world-readable directory?
>
> Umm... not that I know of. How would you expect cron to know this?
Same way sendmail knows to ignore .forwards in world-writable
directories....
> All it has is a list of times and commands to run. Now this list is
> stored in a directory/file which should be locked down pretty well.
Yes, but the commands it runs can be anywhere... World-readable is
probably not too worrisome. World-_writable_ is another story.
Scott, are you sure you don't mean world-writeable?
> Also, if / is world reable, which it is by default, then you're asking
> for cron to NOT run anything underneath that.
>
> So why don't we backup and try to figure out what you're *really*
> asking for here? It's obviously something security related, but what?
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the bblisa
mailing list