[BBLISA] limiting cron's capability?
Scott Ehrlich
scott at MIT.EDU
Wed Jan 23 18:45:24 EST 2008
On Wed, 23 Jan 2008, Dean Anderson wrote:
> On Wed, 23 Jan 2008, John Stoffel wrote:
>
>>
>> Scott> Is it possible to prevent cron from executing something in a
>> Scott> world-readable directory, or a directory branching off a
>> Scott> world-readable directory?
>>
>> Umm... not that I know of. How would you expect cron to know this?
>
> Same way sendmail knows to ignore .forwards in world-writable
> directories....
>
>> All it has is a list of times and commands to run. Now this list is
>> stored in a directory/file which should be locked down pretty well.
>
> Yes, but the commands it runs can be anywhere... World-readable is
> probably not too worrisome. World-_writable_ is another story.
>
> Scott, are you sure you don't mean world-writeable?
>
Hi Dean:
Yes - a followup email from me pointed out the error/confusion of many :-)
I am looking to try and prevent cron from running jobs or executables in
world-writable directories, or subdirectories of world-writable
directories.
Thanks for any leads.
Scott
More information about the bblisa
mailing list