From ylo@cs.hut.fi  Sat Nov 25 14:29:35 1995
Received: from hutcs.cs.hut.fi (root@hutcs.cs.hut.fi [130.233.192.2])
          by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id OAA20659
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Nov 1995 14:29:33 -0800
Received: from trance.olari.clinet.fi (hutcs.cs.hut.fi) by hutcs.cs.hut.fi with SMTP id AA24855
  (5.65c8/HUTCS-S 1.4 for <FreeBSD-gnats-submit@freebsd.org>); Sun, 26 Nov 1995 00:29:15 +0200
Received: (from ylo@localhost) by trance.olari.clinet.fi (8.6.12/8.6.9) id UAA00841; Sat, 25 Nov 1995 20:04:51 +0100
Message-Id: <199511251904.UAA00841@trance.olari.clinet.fi>
Date: Sat, 25 Nov 1995 20:04:51 +0100
From: Tatu Ylonen <ylo@cs.hut.fi>
Reply-To: ylo@cs.hut.fi
To: FreeBSD-gnats-submit@freebsd.org
Subject: by default, "at" is allowed only for superuser
X-Send-Pr-Version: 3.2

>Number:         839
>Category:       bin
>Synopsis:       by default, use of "at" is overly restricted
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 25 14:30:01 PST 1995
>Closed-Date:    Sun Dec 15 15:45:05 PST 1996
>Last-Modified:  Sun Dec 15 15:48:39 PST 1996
>Originator:     Tatu Ylonen
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Helsinki University of Technology
>Environment:

	FreeBSD 2.1-STABLE (from early October 1995)

	/var/at/at.allow and /var/at/at.deny have not been explicitly created

>Description:

	By default, the "at" command is only allowed for superuser.
	This is overly restrictive, since it should not involve any security
	risks.  Thus, I don't see any reason why it should not be
	allowed to all users by default.  Any damage the users can do
	with "at" they can do without it as well.  This is not
	security; this is unnecessarily causing people trouble.

>How-To-Repeat:

	Remove /var/at/at.allow and /var/at/at.deny (as appears to be
	the default in the distribution).

>Fix:
	
	Either:

	   1. (preferred) Modify /usr/bin/at to permit use if neither
	      /var/at/at.allow nor /var/at/at.deny exists.

        or 2. Make the installation create empty /var/at/at.deny.



    Tatu Ylonen <ylo@cs.hut.fi>
>Release-Note:
>Audit-Trail:

From: J Wunsch <j@uriah.heep.sax.de>
To: ylo@cs.hut.fi
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/839: by default, "at" is allowed only for superuser
Date: Mon, 27 Nov 1995 23:18:45 +0100 (MET)

 As Tatu Ylonen wrote:
 > 
 > 	By default, the "at" command is only allowed for superuser.
 > 	This is overly restrictive, since it should not involve any security
 > 	risks.
 
 I think, this conforms with the traditional Unix behaviour.
 
 -- 
 cheers, J"org
 
 joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
 Never trust an operating system you don't have sources for. ;-)
State-Changed-From-To: open->analyzed 
State-Changed-By: wosch 
State-Changed-When: Wed Sep 18 14:41:31 PDT 1996 
State-Changed-Why:  
I think, this conforms with the traditional Unix behaviour. [joerg] 

State-Changed-From-To: analyzed->closed 
State-Changed-By: mpp 
State-Changed-When: Sun Dec 15 15:45:05 PST 1996 
State-Changed-Why:  
Stale problem report.  As is mentioned in the audit trail  
of this PR, this is the traditional behaviour, and 
it since no action has been taken on this PR in over a year, 
it is unlikely that any will be taken in the near future. 
>Unformatted:
