Re: [PATCH] Tighten /etc/crontab permissions

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 08/10/04

  • Next message: Andrew McNaughton: "Re: [PATCH] Tighten /etc/crontab permissions"
    Date: Tue, 10 Aug 2004 13:17:14 -0700 (PDT)
    To: "freebsd-security@FreeBSD.org" <freebsd-security@FreeBSD.org>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > What do you think about the benefit for users being able to see the
    > system crontab? I think knowing what would be executed under others'
    > identity is (at least) not always a good thing, especially the users we
    > generally don't fully trust...

    so do you also suggest that we default to setting the sysctl variables
    that prevent users from seeing each others processes with ps(1)?

    because to me, if you want to be hard core, that seems like a much more
    obvious place to start - who cares that I can read crontab if I can run ps
    and see _all_ the other processes on the system, not just the ones in
    cron.

    the default install has to strike the right balance of security out of the
    box and usability out of the box, and it's sometimes unclear what are the
    right choices. but even if you want to err on the side of security, you
    still have to think about things logically, and think of what exactly
    you're protecting and from whom. if users shouldn't be able to see each
    others' processes, then you should address that from a more systemic level
    and not just try to tack on little security annoyances.

    if you want to say that users shouldn't be able to see each other, then
    think about all the ways that users can see each other - reading each
    others' files, seeing each others' process with ps or in /proc, seeing
    what network ports other users have bound with sockstat or lsof - then
    decide which are the important things to lock down, which ones are easy
    and which ones are not worth it, and come up with a more comprehensive
    approach.

    I wouldn't object to a general, high-level security option to prevent
    users from seeing each other, but only changing the permissions on crontab
    doesn't buy you any real security, it just creates annoyances.

     -Jason

     --------------------------------------------------------------------------
     Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
     that he was insufficiently fondled when he was an infant.
            -- Ashley Montagu
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD8DBQFBGS1MswXMWWtptckRAl9WAJ9Ta51dessY0ys9ResdCrQ0r5MdAgCfZKpM
    VXG3QzBfa5AxtoN4KybrbWs=
    =GmfW
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Andrew McNaughton: "Re: [PATCH] Tighten /etc/crontab permissions"

    Relevant Pages