Date: Sat, 25 Nov 1995 20:04:51 +0100
From: Tatu Ylonen <ylo@cs.hut.fi>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/839: by default, "at" is allowed only for superuser
Message-ID: <199511251904.UAA00841@trance.olari.clinet.fi>
Resent-Message-ID: <199511252230.OAA20721@freefall.freebsd.org>

>Number:         839
>Category:       bin
>Synopsis:       by default, use of "at" is overly restricted
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 25 14:30:01 PST 1995
>Last-Modified:
>Originator:     Tatu Ylonen
>Organization:   Helsinki University of Technology
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

FreeBSD 2.1-STABLE (from early October 1995)
/var/at/at.allow and /var/at/at.deny have not been explicitly created

>Description:

By default, the "at" command is only allowed for superuser. This is
overly restrictive, since it should not involve any security risks.
Thus, I don't see any reason why it should not be allowed to all users
by default. Any damage the users can do with "at" they can do without
it as well.

This is not security; this is unnecessarily causing people trouble.

>How-To-Repeat:

Remove /var/at/at.allow and /var/at/at.deny (as appears to be the
default in the distribution).

>Fix:

Either:
1. (preferred) Modify /usr/bin/at to permit use if neither
   /var/at/at.allow nor /var/at/at.deny exists.
or
2. Make the installation create empty /var/at/at.deny.

Tatu Ylonen <ylo@cs.hut.fi>
>Audit-Trail:
>Unformatted:
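
The access decision this report is about, modelled as an added shell example (not part of the original message and not FreeBSD's at source). AT_DIR, the function names and the "current"/"proposed" policy labels are hypothetical; the superuser bypass and the precedence of at.allow over at.deny are assumed from the documented at(1) behaviour.

```shell
#!/bin/sh
# Added example: model of the at(1) permission check (not FreeBSD source).
# AT_DIR, listed(), at_permitted() and the policy labels are hypothetical names.
AT_DIR="${AT_DIR:-/var/at}"

# listed FILE USER: succeeds if USER appears as a whole line in FILE
listed() {
    grep -qxF -- "$2" "$1"
}

# at_permitted USER UID [POLICY]
#   POLICY=current  : neither file present -> superuser only (reported behaviour)
#   POLICY=proposed : neither file present -> everyone (fix 1 in the report)
at_permitted() {
    user=$1 uid=$2 policy=${3:-current}
    [ "$uid" -eq 0 ] && return 0              # superuser is always allowed
    if [ -f "$AT_DIR/at.allow" ]; then        # allow list wins when it exists
        listed "$AT_DIR/at.allow" "$user"
        return
    fi
    if [ -f "$AT_DIR/at.deny" ]; then         # otherwise the deny list applies
        ! listed "$AT_DIR/at.deny" "$user"
        return
    fi
    [ "$policy" = proposed ]                  # neither file exists
}

# Constructed demo: an empty spool directory, as in the report's environment.
demo() {
    AT_DIR=$(mktemp -d) || return 1
    for p in current proposed; do
        at_permitted alice 1001 "$p" && r=allowed || r=denied
        echo "no files, policy=$p: alice $r"
    done
    : > "$AT_DIR/at.deny"                     # fix 2: installer creates empty at.deny
    at_permitted alice 1001 current && r=allowed || r=denied
    echo "empty at.deny, policy=current: alice $r"
    rm -rf "$AT_DIR"
}
demo
```

Either fix opens at to every account on the host, so an administrator who wants to restrict it afterwards has to populate at.deny or create at.allow explicitly.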