On Wed, 2008-01-23 at 20:15 -0800, Garrick Staples wrote: > On Wed, Jan 23, 2008 at 10:12:13PM -0500, Scott Ehrlich alleged: > > I received some interesting answers to my cron question. Most people said > > it was not possible. One person reviewed cron's source code and said the > > source would need to be modified. One person said I should mount the > > filesystem with noexec. I'll review and test the answers as best I can. > > In my own defense of not mentioning "modify the source", that is *always* an > option. It is especially implied in the open source. It is one of the > principle reasons for having open source in the first place! > > That said, I quite like the general idea of adding some type of policy > enforcement to cron. It reminds me of httpd' suexec. It has several such > restrictions on the binary it executes. In that case, I'll add my initial thought even though I'm ignorant, and therefore, blissful. Selinux? It seems to me this is right up its alley. > <snip sig stuff> HTH -- Bill