[CentOS] Appreciate the help...
Garrick Staples
garrick at usc.edu
Thu Jan 24 04:15:23 UTC 2008
On Wed, Jan 23, 2008 at 10:12:13PM -0500, Scott Ehrlich alleged:
> I received some interesting answers to my cron question. Most people said
> it was not possible. One person reviewed cron's source code and said the
> source would need to be modified. One person said I should mount the
> filesystem with noexec. I'll review and test the answers as best I can.
In my own defense of not mentioning "modify the source", that is *always* an
option. It is especially implied in the open source. It is one of the
principle reasons for having open source in the first place!
That said, I quite like the general idea of adding some type of policy
enforcement to cron. It reminds me of httpd' suexec. It has several such
restrictions on the binary it executes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20080123/6f231712/attachment.sig>
More information about the CentOS
mailing list