On Wed, Jan 23, 2008 at 10:12:13PM -0500, Scott Ehrlich alleged: > I received some interesting answers to my cron question. Most people said > it was not possible. One person reviewed cron's source code and said the > source would need to be modified. One person said I should mount the > filesystem with noexec. I'll review and test the answers as best I can. In my own defense of not mentioning "modify the source", that is *always* an option. It is especially implied in the open source. It is one of the principle reasons for having open source in the first place! That said, I quite like the general idea of adding some type of policy enforcement to cron. It reminds me of httpd' suexec. It has several such restrictions on the binary it executes. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20080123/6f231712/attachment-0005.sig>