Re: semi-newbie question | atd | GNU/Linux
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 09/27/03
- Next message: Harky: "Re: device eth0 entered promiscuous mode"
- Previous message: David: "Re: iptables and port forwarding"
- In reply to: evan.cooch_at_NOSPAMcornell.edu: "semi-newbie question | atd | GNU/Linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Sep 2003 19:51:09 -0700
In article <kml9nvc3u2dgbhp6i0hd7ok56jcbut9gef@4ax.com>,
evan.cooch@NOSPAMcornell.edu wrote:
> Now, my more experienced friends tell me that atd is a security risk,
> [snip]
> Open to suggestions...
Any security analysis must consider the threat model. How many users do
you have on this system? Since you allude to a lack of experience, I'm
guessing it's just you. And in that case I cannot imagine any possible
security risk in running atd. It's not a network daemon! Your only
exposure is to local users.
(If I'm wrong about any of that I hope someone will point out where and
why.)
If you do have multiple users, how much do you trust them? I suppose
that with atd a user could schedule a glut of jobs and possibly DoS the
system. Hmmm ... "sleep" and "nohup" could do that too. If you have
unknown and untrusted users, I suggest you hand off the sysadmin job to
someone more experienced. :) You could rein them in with restricted
shells, disk quotas, and process limits.
-- /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net or put "not-spam" or "/dev/rob0" in Subject header to reply
- Next message: Harky: "Re: device eth0 entered promiscuous mode"
- Previous message: David: "Re: iptables and port forwarding"
- In reply to: evan.cooch_at_NOSPAMcornell.edu: "semi-newbie question | atd | GNU/Linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
