From: Ryan Thompson
To: freebsd-security@freebsd.org
Date: Wed, 11 Aug 2004 14:56:25 -0600 (CST)
Subject: Re: [PATCH] Tighten /etc/crontab permissions

Hi Xin,

Personally, I'd be opposed to this idea, for a couple of reasons:

1. The impact is too narrow. There are many, many files in /etc/ (and
   elsewhere, for that matter) that are also currently set
   world-readable by default. Patching the perms of just one file
   creates inconsistency, and, without a more general policy on this
   sort of thing, we're likely to hear whining about "everything *else*
   is world-readable. What's so special about /etc/crontab?"

2. Even if there *is* some small security benefit to be gained through
   obscurity (see #3), it's probably outweighed by the convenience of
   the matter in this case, and that has some real security
   implications. We'd be asking admins to su every time they want to
   look at /etc/crontab. For most of us, we consider our systems more
   secure the more we can do without a superuser shell.

3. You're not really gaining much by making /etc/crontab only readable
   by the superuser. It's currently trivial for regular users to view
   process information, and most cron jobs run on predictable
   boundaries (since per-minute timings are the most granular
   scheduling allowed). We don't want admins thinking, "nobody else can
   read this file, so anything I put in here must be top secret",
   because that's *not* the case.

Just my CA$0.10. :-)

- Ryan

Xin LI wrote to freebsd-security@freebsd.org:

> Hi folks,
>
> While investigating OpenBSD's cron implementation, I found that they set
> the systemwide crontab (a.k.a. /etc/crontab) to be readable by the
> superuser only. The attached patch will bring this to FreeBSD by moving
> crontab out from BIN1 group and install it along with master.passwd.
>
> This change should not affect the current cron(1) behavior.
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> See complete headers for GPG key and other information.
>
>

--
Ryan Thompson
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4

      Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
Toll-Free: 877-727-5669   (877-SASKNOW)       North America