Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!clyde!cbatt!cwruecmp!hal!ncoast!allbery
From: allbery@ncoast.UUCP (Brandon Allbery)
Newsgroups: net.unix-wizards
Subject: Setuid and setgid on at/cron/lp
Message-ID: <1618@ncoast.UUCP>
Date: Thu, 23-Oct-86 15:07:38 EDT
Article-I.D.: ncoast.1618
Posted: Thu Oct 23 15:07:38 1986
Date-Received: Fri, 24-Oct-86 17:30:42 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP> <1040@ho95e.UUCP>
Reply-To: allbery@ncoast.UUCP (Brandon Allbery)
Followup-To: net.unix-wizards
Organization: North Coast Public Access UN*X, Cleveland, OH
Lines: 44
Expires:

Quoted from <1040@ho95e.UUCP> ["Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)"], by wcs@ho95e.UUCP (#Bill.Stewart)...
+---------------
| In article <735@hropus.UUCP> jrw@hropus.UUCP (Jim Webb) writes:
| >-rwsr-xr-x 1 root sys 47197 Oct 20 1985 at
| >-rwsr-xr-x 1 root sys 25093 Nov 5 1983 crontab
| >at needs to talk to cron in a very specific manner.
| I would expect you could write a good cron without setuid, since /etc/cron runs
| as root? Likewise "at", since it's the other side of cron?
+---------------

Both "crontab" and "at" work in the same way: (1) write a file in a protected
directory (to keep non-superusers from doing fun things like changing other
users' at files or setting up crontabs/at jobs when they're listed in
{cron,at}.deny), and (2) write something to /usr/spool/cron/FIFO, which is
protected for the same reasons as above. (I wish I'd thought of that way of
doing things; it makes sense. 20/20 hindsight, eh?)

+---------------
| What irks me more, though, is that the "lp" commands all run setuid-lp
| setgid-bin; this means that in a directory which lp can't access ( e.g. 700),
| lp foo
| fails, though
| lp