[Bug 185531] Review Request: fcron, a task scheduler
bugzilla at redhat.com
bugzilla at redhat.com
Thu Mar 23 21:53:01 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: fcron, a task scheduler
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185531
------- Additional Comments From pertusus at free.fr 2006-03-23 16:52 EST -------
(In reply to comment #29)
> Your patch is very dangerous on the security point of view.
> As a matter of fact, you don't check that the file is not writable
> by someone else than root.
You're completly right. I have made a newer version of that patch that only
remove the check for the file owner and group. Thanks.
> fcrontab needs the suid bit for the group too, so its rights should be 6755
> and not 4755 as in your patch.
Fixed, and now it runs as a user.
> (but I'm not sure about the PAM error as root: it may be something else).
There is still that error as root...
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the fedora-extras-list
mailing list