[lug] Why cron.allow and cron.deny?
Ralf Mattes
rm at seid-online.de
Mon Jan 13 09:22:29 MST 2014
On Mon, Jan 13, 2014 at 09:26:13AM -0700, Chris Ernst wrote:
> On 01/13/2014 09:16 AM, Rob Nagler wrote:
> > I still don't get it. What's the difference between cron and this?
> >
> > while true; do
> > sleep 60
> > do_something
> > done
> >
> > Or, for the more abusive:
> >
> > while true do
> > sleep 60
> > ssh some-target.com do_something
> > done
>
> Not much. But the point is that there are many different mechanisms to
> prevent many different vectors of abuse. No one mechanism can address
> them all.
>From an administrator's point of view there is a huge difference: Iff you need
to trace down a malicious process, the shell script run from a user is much
easier to catch (since it shows up in 'ps aux' with the user's ID). A well-written
malicious cron job (i.e. one that takes care not to produce any output and to always
return successful) is _much_ harder to catch.
Cheers, Ralf Mattes
> cron.allow and cron.deny are just a simple mechanism to control cron
> access. That's it.
>
> - Chris
>
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
More information about the LUG
mailing list