| From | Sent On | Attachments |
|---|---|---|
| Xin LI | Aug 10, 2004 9:43 am | |
| Doug Barton | Aug 10, 2004 10:03 am | |
| Xin LI | Aug 10, 2004 11:17 am | |
| Garance A Drosihn | Aug 10, 2004 12:13 pm | |
| Gustavo A. Baratto | Aug 10, 2004 12:52 pm | |
| Jason Stone | Aug 10, 2004 1:29 pm | |
| Andrew McNaughton | Aug 10, 2004 1:38 pm | |
| Ryan Thompson | Aug 11, 2004 1:56 pm | |
| Xin LI | Aug 11, 2004 9:05 pm | |
| Doug Barton | Aug 11, 2004 9:56 pm | |

| Subject: | [PATCH] Tighten /etc/crontab permissions | |
|---|---|---|
| From: | Xin LI (delp...@frontfree.net) | |
| Date: | Aug 10, 2004 11:17:16 am | |
| List: | org.freebsd.freebsd-security | |

Hi, Doug

On Tue, Aug 10, 2004 at 10:02:09AM -0700, Doug Barton wrote:
> On Wed, 11 Aug 2004, Xin LI wrote:
>> Hi folks,
>>
>> While investigating OpenBSD's cron implementation, I found that they set the systemwide crontab (a.k.a. /etc/crontab) to be readable by the superuser only. The attached patch will bring this to FreeBSD by moving crontab out from BIN1 group and installing it along with master.passwd.
>
> Do you have a reason for wanting to do this other than, "OpenBSD does it this way?" I personally see no problems, and some benefit for users being able to see the system crontab. If the superuser needs to run "secret" cron jobs, then there is root's crontab that can be used for this purpose.
>
> Can you elaborate on your thinking?

Well... This seems much more than "OpenBSD does it" to me :-)

On a system where all users play well, it does not matter if other users can see the crontab. However, if it gets compromised, chances are that a badly configured system, say, with some permissions badly granted, would give the intruder a better chance to get more privilege if [s]he can read the crontab, and I think this is one of the reasons why the per-user crontabs are kept in /var/cron without letting users see each other's.

I'm not sure if this is a sort of abuse of systemwide crontabs, but the administrators at my company have used them to run some tasks periodically under other identities (to limit these tasks' privilege), and it provided a somewhat "centralized" management, so they would prefer to use the systemwide crontab rather than per-user ones.

What do you think about the benefit for users being able to see the system crontab? I think knowing what would be executed under others' identity is (at least) not always a good thing, especially for the users we generally don't fully trust...

Cheers,
-- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information.
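
The concern raised in the message above, a readable system crontab combined with badly granted permissions on the jobs it names, can be checked from the administrator's side. The following is an added example, not part of the original thread or of FreeBSD; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import os
import re
import shlex
import stat
import tempfile

ENV_LINE = re.compile(r"[A-Za-z_]\w*\s*=")  # e.g. SHELL=/bin/sh or PATH = /bin

def parse_system_crontab(text):
    """Return (user, command) pairs from system-crontab text (the format with a 'who' column)."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        n = 1 if line.startswith("@") else 5  # @daily etc. replace the five time fields
        cols = line.split(None, n + 1)        # time fields, who, rest of line as command
        if len(cols) == n + 2:
            jobs.append((cols[n], cols[n + 1]))
    return jobs

def audit(jobs, crontab_path=None):
    """Flag a world-readable crontab and job targets writable by group or other."""
    findings = []
    if crontab_path and os.stat(crontab_path).st_mode & stat.S_IROTH:
        findings.append(("world-readable crontab", "-", crontab_path))
    for user, command in jobs:
        try:
            target = shlex.split(command)[0]
        except (ValueError, IndexError):
            continue  # unparsable or empty command: nothing to stat
        if os.path.isabs(target) and os.path.exists(target):
            if os.stat(target).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(("writable job target", user, target))
    return findings

def demo():
    """Constructed sample: two job scripts and a crontab in a fresh temp directory."""
    d = tempfile.mkdtemp()
    good, bad, tab = (os.path.join(d, n) for n in ("rotate.sh", "report.sh", "crontab"))
    text = ("SHELL=/bin/sh\n# minute hour mday month wday who command\n"
            f"*/5 * * * * root {good}\n@daily www {bad} --quiet\n")
    for path, body, mode in ((good, "", 0o755), (bad, "", 0o775), (tab, text, 0o644)):
        with open(path, "w") as f:
            f.write(body)
        os.chmod(path, mode)
    return audit(parse_system_crontab(text), tab)

if __name__ == "__main__":
    print(demo())
```

Commands given without an absolute path are skipped here because resolving them depends on the PATH set inside the crontab.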





