[BBLISA] crontab - corrected version

Sean OMeara someara at gmail.com
Wed Jan 23 21:37:48 EST 2008


sean at navi:~$ apt-get source cron

It's a pretty small and simple program....
grep main\( *.c and follow for a sec....

you'll get to this:

sean at navi:~/cron-3.0pl1$ grep do_command *.c
database.c:      * getpwnam() in do_command.c's child_process to verify MAILTO=,
do_command.c:static char rcsid[] = "$Id: do_command.c,v 2.12
1994/01/15 20:43:43 vixie Exp $";
do_command.c:do_command(e, u)
do_command.c:   Debug(DPROC, ("[%d] do_command(%s, (%s,%d,%d))\n",
do_command.c:             snprintf(msg, 256, "do_command:setuid(%lu)
failed: %s",
job.c:          do_command(j->e, j->u);

Examine a little further and you'll find cron has no functionality
like you're looking for.

You'll either have to patch cron to do what you want, or approach
whatever problem you're trying to solve form another angle.

-s


On Jan 23, 2008 9:26 PM, David Allan <dave at dpallan.com> wrote:
> On Wed, 23 Jan 2008, Scott Ehrlich wrote:
>
> > So I want to see if there is a way to restrict crontab from running an
> > executable or anything else from a world-writable directory, or subdirectory
> > thereof.
>
> I'm curious what your concern with cron is.  Since cron, as several people
> have pointed out, just runs jobs with the privileges of the owner of the
> crontab, its jobs don't have any privileges beyond what the user has.
> So, if the user can do something dangerous, it would make sense to prevent
> it, but why attack the problem through cron?
>
> Dave
>
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>




More information about the bblisa mailing list