[BBLISA] Appreciate the help...

[Daniel Feenberg]

On Thu, 24 Jan 2008, David Allan wrote:

> On Wed, 23 Jan 2008, Scott Ehrlich wrote:
>> I try not to wear out the list, but do what the list was created for - 
>> discussion and inquiry of UNIX and related topics.
>
> I don't think you'll wear out the list, but I would like clearer statements 
> about the user's goals along with the technical questions. Writing down the 
> user's goals frequently exposes assumptions that totally alter the technical 
> (or perhaps non-technical) solution.  The purely technical question you ask 
> the list, although you will eventually get an accurate answer, may not be the 
> question that you need to ask in order to make the user happy.  People 
> reading the list aren't going to pick up on that without background.
>

Like you, I don't understand why Scott doesn't answer directly, but the 
rationale seems obvious enough. If Sendmail won't obey a .forward in a 
group or world writable directory (for fear that a trojan may executed 
from that file), why should cron be less carefull? It seems like a 
reasonable question. The security problem that sendmail is addressing 
comes up only in the presence of a user error, but the same can be said 
for cron. Indeed, by extension perhaps chmod should refuse to make 
executable such a file, although it would be a nuisance for chmod to do 
the obverse check (that there were no executable files in a directory 
about to become world writable). It isn't something I would be prepared to 
tell someone else they must or must not do this, but it is perhaps worth 
thinking about costs and benefits.

Dan Feenberg