Bugs in the "at" command - fix
bob at SU-SHASTA.ARPA
bob at SU-SHASTA.ARPA
Tue Jul 24 02:22:46 AEST 1984
The fix for making "at" secure under System III & System V is to do this:
chmod 700 /usr/spool/at
chown root /usr/spool/at
chmod 4755 /usr/bin/at
If your cron doesn't run as root also do:
chmod 4755 /usr/lib/atrun
chown root /usr/lib/atrun
The several versions of "at" that I've seen all chown the spool file to the
real UID so it's safe to make it set-uid and also prevent one from reading
files that the real UID isn't allowed to.
Note that no source changes or re-compilation is required.
Bob Toxen
Silicon Graphics
ucbvax!Shasta!olympus!bob
More information about the Comp.unix.wizards
mailing list