Re: Session IDs & LUID point to consider.

From: Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Date: Fri Apr 21 2000 - 16:06:46 EDT

Next message: Adam K Kirchhoff: "Re: Problems umounting w/ pre5/pre6"

Previous message: Matthew Dharm: "Re: Problems umounting w/ pre5/pre6"
Next in thread: allbery@kf8nh.apk.net: "Re: Session IDs & LUID point to consider."
Reply: allbery@kf8nh.apk.net: "Re: Session IDs & LUID point to consider."
Reply: Linda Walsh: "Re: Session IDs & LUID point to consider."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linda Walsh <law@sgi.com> said:

[...]

> Another problem is 'cron'. While 'at' can encode an luid in the job name how
> do you tell what authorized user is running a 'cronjob'? One authorized
> user could be executing an SUID program to another user and edit that user's
> crontab. The only way I can come up with there is to dis-allow user-level
> cronjobs on a secure system (using existing configuration options:
> cron.allow/deny).

You could record the LUID which last changed the crontab file offline, and
make crond(8) run it under that one.

-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viña del Mar, Chile +56 32 672616

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Adam K Kirchhoff: "Re: Problems umounting w/ pre5/pre6"
Previous message: Matthew Dharm: "Re: Problems umounting w/ pre5/pre6"
Next in thread: allbery@kf8nh.apk.net: "Re: Session IDs & LUID point to consider."
Reply: allbery@kf8nh.apk.net: "Re: Session IDs & LUID point to consider."
Reply: Linda Walsh: "Re: Session IDs & LUID point to consider."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Apr 21 2000 - 20:22:59 EDT