Re: semi-newbie question | atd | GNU/Linux

From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 09/27/03


Date: Fri, 26 Sep 2003 19:51:09 -0700

In article <kml9nvc3u2dgbhp6i0hd7ok56jcbut9gef@4ax.com>,
  evan.cooch@NOSPAMcornell.edu wrote:
> Now, my more experienced friends tell me that atd is a security risk,
> [snip]
> Open to suggestions...

Any security analysis must consider the threat model. How many users do
you have on this system? Since you allude to a lack of experience, I'm
guessing it's just you. And in that case I cannot imagine any possible
security risk in running atd. It's not a network daemon! Your only
exposure is to local users.

(If I'm wrong about any of that I hope someone will point out where and
why.)

If you do have multiple users, how much do you trust them? I suppose
that with atd a user could schedule a glut of jobs and possibly DoS the
system. Hmmm ... "sleep" and "nohup" could do that too. If you have
unknown and untrusted users, I suggest you hand off the sysadmin job to
someone more experienced. :) You could rein them in with restricted
shells, disk quotas, and process limits.

-- 
  /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
  or put "not-spam" or "/dev/rob0" in Subject header to reply

