logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Any harm having plain-text passwords in the root crontab?


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Any harm having plain-text passwords in the root crontab?

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: reddit.com Direktlink öffnen

I've run into a...frustrating...situation. I have a python script which needs to be executed on a cron schedule, with root permissions, but with the environment of the normal user. Long story short, the python script is updating some packages on their behalf. The only way I've found so far to get this properly working is edit the root crontab and utilize runuser to execute. Only problem is the root password needs to be passed in the run command, similar to the below:

First, sudo crontab -e and then in the crontab:

runuser userjoe --command="echo Ro0tPasSwuRd | sudo -S python3 script.py" > /dev/null 2>&1

That way, the python script gets executed with the environment of "userjoe," with root permissions so it can update the packages it needs to do. I don't believe this poses a security risk, since the only way the root password would be exposed is if someone could edit the root crontab. In which case, they must already have root privileges. Anything I'm missing?

submitted by /u/NowImAllSet
[link] [comments] ...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Any harm having plain-text passwords in the root crontab?






Ähnliche Beiträge

  • 1. MMD-0026-2014 - Router Malware Warning | Reversing an ARM arch ELF AES.DDoS (China malware) vom 682.21 Punkte ic_school_black_18dp
    Sticky notes, the latest infection report is below tweet:#ELF AES.DDoS (http://t.co/y0D7YwPaD4) #malware hits MIPS/ARM routers. Some AV had bad sigs. http://t.co/TMdxaEDiNh pic.twitter.com/5eaSKJmMZU— ☩MalwareMustDie, NPO (@MalwareMustDie)
  • 2. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 3. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 4. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 5. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 6. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 7. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 8. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 9. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 10. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 11. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]
  • 12. Steam Voip Security [04 Jul 2014] vom 237.35 Punkte ic_school_black_18dp
    Original PDF https://revuln.com/files/ReVuln_Steam_Voip_Security.pdf   STEAM VOIP SECURITY BY LUIGI AURIEMMA Overview and details about the security issues found in the Steam voice framework. ReVuln Ltd. http://revuln.com @revuln [email protected]