Re: About a rc.d script and "--user ${puser}"

To: tls%rek.tjls.com@localhost
Subject: Re: About a rc.d script and "--user ${puser}"
From: Cem Kayali <cemkayali%eticaret.com.tr@localhost>
Date: Sun, 01 Feb 2009 21:33:15 +0200


Hello!

I created a ticket about this: pkg/40532 &http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=40532

This looks quite strange to me, because privoxy has write access tochown=root:wheel & chmod=661 files though "gropinfo wheel" does not haveprivoxy user.


Regards,
Cem




Thor Lancelot Simon, 02/01/09 21:19:

On Sun, Feb 01, 2009 at 06:07:17PM +0200, Cem Kayali wrote:

Hello!
I noticed that a (pkgsrc) /etc/rc.d script has wheel permission althoughit has command argument


What do you mean, "has wheel permission"?  Do you mean that the script's
permissions look like this:

        -rwxr-sr-x  1 root  wheel  0 Feb  1 14:11 foo.sh

Or like this?

        -rwxr-xr-x  1 root  wheel  0 Feb  1 14:11 foo.sh

Standard NetBSD kernels do not support setgid scripts, so the two
permissions are equivalent.  I do not understand why you think there is,
as you put it, "an internal security hole" in either case.

Thor

References:
- About a rc.d script and "--user ${puser}"
  - From: Cem Kayali
- Re: About a rc.d script and "--user ${puser}"
  - From: Thor Lancelot Simon

Prev by Date: Re: About a rc.d script and "--user ${puser}"
Next by Date: Re: About a rc.d script and "--user ${puser}"
Previous by Thread: Re: About a rc.d script and "--user ${puser}"
Next by Thread: Re: About a rc.d script and "--user ${puser}"
Indexes:

Home | Main Index | Thread Index | Old Index