Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!houxm!hogpc!houti!ariel!vax135!cornell!uw-beaver!tektronix!hplabs!sri-unix!olympus!sauron!bob@SU-SHASTA.ARPA
From: bob@SU-SHASTA.ARPA@sauron.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Bugs in the "at" command - FIX DOES WORK!!!
Message-ID: <407@sri-arpa.UUCP>
Date: Tue, 24-Jul-84 18:26:29 EDT
Article-I.D.: sri-arpa.407
Posted: Tue Jul 24 18:26:29 1984
Date-Received: Sat, 28-Jul-84 21:01:45 EDT
Lines: 30

The fix that I posted yesterday to the net to eliminate the security hole
in having "at" on System III & System V does indeed work! Matt is wrong in
claiming that it does not work!

The security hole was that once a user had used "at" to create a spool file
in the /usr/spool/at directory they could chown it away (like, to root).
The heart of my fix is the command 'chmod 700 /usr/spool/at'. Matt failed
to realize that this prevents users from then chowning their spool file,
/usr/spool/at/*, because they won't be able to access /usr/spool/at anymore!
The "at" command and the "atrun" daemon can still access /usr/spool/at
because they run as root. I'm reposting the fix:

-------------------------------------------------------------------------------

The fix for making "at" secure under System III & System V is to do this:

	chmod 700 /usr/spool/at
	chown root /usr/spool/at
	chmod 4755 /usr/bin/at

If your cron doesn't run as root also do:

	chmod 4755 /usr/lib/atrun
	chown root /usr/lib/atrun

The several versions of "at" that I've seen all chown the spool file to the
real UID so it's safe to make it set-uid and also prevent one from reading
files that the real UID isn't allowed to. Note that no source changes or
re-compilation is required.

Bob Toxen
Silicon Graphics
ucbvax!Shasta!olympus!bob
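Added example (not part of the original post): a shell check that audits the ownership and modes the fix above sets. The function names, the PREFIX / UID / atrun arguments and the parsing of `ls -ldn` output are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the permissions the post prescribes for "at".
# check_at_perms [PREFIX] [UID] [ATRUN]
#   PREFIX  filesystem root to inspect (hypothetical, default "" = live system)
#   UID     numeric owner expected on each path (default 0 = root)
#   ATRUN   "yes" to also require a set-uid /usr/lib/atrun
#           (the post asks for this only when cron does not run as root)

# check_one PATH WANT_MODE WANT_UID: report one path; return 1 on any mismatch.
check_one() {
    path=$1 want_mode=$2 want_uid=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    # Keep only 10 characters of the mode to drop any ACL/SELinux suffix.
    info=$(ls -ldn "$path" | awk '{print substr($1, 1, 10) " " $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$mode" != "$want_mode" ] || [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: mode=$mode uid=$uid (want $want_mode uid=$want_uid)"
        return 1
    fi
    echo "OK   $path"
}

check_at_perms() {
    prefix=${1:-} owner=${2:-0} atrun=${3:-no} rc=0
    # chmod 700 + chown root: other users cannot reach /usr/spool/at/*
    check_one "$prefix/usr/spool/at" drwx------ "$owner" || rc=1
    # chmod 4755: "at" is set-uid so it can still write into the spool
    check_one "$prefix/usr/bin/at" -rwsr-xr-x "$owner" || rc=1
    if [ "$atrun" = yes ]; then
        check_one "$prefix/usr/lib/atrun" -rwsr-xr-x "$owner" || rc=1
    fi
    return $rc
}
```

Calling `check_at_perms` with no arguments inspects the live paths and expects root (UID 0) as owner; the exit status is non-zero if any path is missing or differs.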