Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!houxm!houxz!vax135!cornell!uw-beaver!tektronix!hplabs!sri-unix!olympus!sauron!bob@SU-SHASTA.ARPA
From: bob@SU-SHASTA.ARPA
Newsgroups: net.unix-wizards
Subject: Re: Bugs in the "at" command - fix
Message-ID: <354@sri-arpa.UUCP>
Date: Mon, 23-Jul-84 12:22:46 EDT
Article-I.D.: sri-arpa.354
Posted: Mon Jul 23 12:22:46 1984
Date-Received: Fri, 27-Jul-84 08:05:07 EDT
Lines: 17

The fix for making "at" secure under System III & System V is to do this:
	chmod 700 /usr/spool/at
	chown root /usr/spool/at
	chmod 4755 /usr/bin/at
If your cron doesn't run as root also do:
	chmod 4755 /usr/lib/atrun
	chown root /usr/lib/atrun

The several versions of "at" that I've seen all chown the spool file to the
real UID so it's safe to make it set-uid and also prevent one from reading
files that the real UID isn't allowed to.

Note that no source changes or re-compilation is required.

Bob Toxen
Silicon Graphics
ucbvax!Shasta!olympus!bob