/etc/shutdown permissions
Mike Levin
mml at magnus.UUCP
Sun Nov 20 19:32:27 AEST 1988
In article <234 at safari.UUCP> dave at safari.UUCP (dave munroe) writes:
>In release 3.5 at least, /etc/shutdown has permissions -rwxr-xr-x, which is
>obviously a bad idea.
> -dave
It's also that way in release 3.51, *BUT* if you are NOT root, it gives the
appearance of proceeding to do it's thing, and then it fails. For example,
it warns of killing active phone conversations, etc., but then when it tries
to do it's thing, it fails for "unable to send signal to init". So, it is
probably safe. IN ANY CASE, it is ONLY a shell script, and as such it is
something that (from a security standpoint) somebody could simply create
with an editor themselves. It *CAN'T* be setuid'd, it can't be removed or
altered by anybody but the owner, and so I don't think that any security is
actually compromised by the way it's done. Of course, maybe I'm missing
something. :-)
Mike Levin
--
+---+ P L E A S E R E S P O N D T O: +---+ * * * * * * * * * *
| Michael M. Levin, Silent Radio, Los Angeles | I never thought I'd be LOOKING
|{aeras|csun|mtune|pacbell|srhqla}!magnus!levin| for something to say! ! !
+----------------------------------------------+------------------------------+
More information about the Unix-pc.general
mailing list