From owner-freebsd-bugs Sat Nov 25 14:30:06 1995 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA20728 for bugs-outgoing; Sat, 25 Nov 1995 14:30:06 -0800 Received: (from gnats@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA20721 ; Sat, 25 Nov 1995 14:30:03 -0800 Resent-Date: Sat, 25 Nov 1995 14:30:03 -0800 Resent-Message-Id: <199511252230.OAA20721@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, ylo@cs.hut.fi Received: from hutcs.cs.hut.fi (root@hutcs.cs.hut.fi [130.233.192.2]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id OAA20659 for ; Sat, 25 Nov 1995 14:29:33 -0800 Received: from trance.olari.clinet.fi (hutcs.cs.hut.fi) by hutcs.cs.hut.fi with SMTP id AA24855 (5.65c8/HUTCS-S 1.4 for ); Sun, 26 Nov 1995 00:29:15 +0200 Received: (from ylo@localhost) by trance.olari.clinet.fi (8.6.12/8.6.9) id UAA00841; Sat, 25 Nov 1995 20:04:51 +0100 Message-Id: <199511251904.UAA00841@trance.olari.clinet.fi> Date: Sat, 25 Nov 1995 20:04:51 +0100 From: Tatu Ylonen Reply-To: ylo@cs.hut.fi To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/839: by default, "at" is allowed only for superuser Sender: owner-bugs@freebsd.org Precedence: bulk >Number: 839 >Category: bin >Synopsis: by default, use of "at" is overly restricted >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Nov 25 14:30:01 PST 1995 >Last-Modified: >Originator: Tatu Ylonen >Organization: Helsinki University of Technology >Release: FreeBSD 2.1-STABLE i386 >Environment: FreeBSD 2.1-STABLE (from early October 1995) /var/at/at.allow and /var/at/at.deny have not been explicitly created >Description: By default, the "at" command is only allowed for superuser. This is overly restrictive, since it should not involve any security risks. Thus, I don't see any reason why it should not be allowed to all users by default. Any damage the users can do with "at" they can do without it as well. This is not security; this is unnecessarily causing people trouble. >How-To-Repeat: Remove /var/at/at.allow and /var/at/at.deny (as appears to be the default in the distribution). >Fix: Either: 1. (preferred) Modify /usr/bin/at to permit use if neither /var/at/at.allow nor /var/at/at.deny exists. or 2. Make the installation create empty /var/at/at.deny. Tatu Ylonen >Audit-Trail: >Unformatted: