Re: About a rc.d script and "--user ${puser}"

To: tls%rek.tjls.com@localhost
Subject: Re: About a rc.d script and "--user ${puser}"
From: Cem Kayali <cemkayali%eticaret.com.tr@localhost>
Date: 2009年2月01日 21:33:15 +0200

Hello!

I created a ticket about this: pkg/40532 &http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=40532This looks quite strange to me, because privoxy has write access tochown=root:wheel & chmod=661 files though "gropinfo wheel" does not haveprivoxy user.

Regards,
Cem
Thor Lancelot Simon, 02/01/09 21:19:

On Sun, Feb 01, 2009 at 06:07:17PM +0200, Cem Kayali wrote:

Hello!
I noticed that a (pkgsrc) /etc/rc.d script has wheel permission althoughit has command argument

What do you mean, "has wheel permission"? Do you mean that the script's
permissions look like this:
 -rwxr-sr-x 1 root wheel 0 Feb 1 14:11 foo.sh
Or like this?
 -rwxr-xr-x 1 root wheel 0 Feb 1 14:11 foo.sh
Standard NetBSD kernels do not support setgid scripts, so the two
permissions are equivalent. I do not understand why you think there is,
as you put it, "an internal security hole" in either case.
Thor

References:
- About a rc.d script and "--user ${puser}"
  - From: Cem Kayali
- Re: About a rc.d script and "--user ${puser}"
  - From: Thor Lancelot Simon

Prev by Date: Re: About a rc.d script and "--user ${puser}"
Next by Date: Re: About a rc.d script and "--user ${puser}"
Previous by Thread: Re: About a rc.d script and "--user ${puser}"
Next by Thread: Re: About a rc.d script and "--user ${puser}"
Indexes:

Home | Main Index | Thread Index | Old Index