Date: Mon, 4 Jan 1999 20:49:11 +0100 From: Hellmuth Michaelis <hm@hcswork.hcs.de> To: freebsd-isdn@FreeBSD.ORG Subject: Re: regexp program Message-ID: <19990104204911.B5702@hcswork.hcs.de> In-Reply-To: <199901041906.UAA01275@yedi.iaf.nl>; from Wilko Bulte on Mon, Jan 04, 1999 at 08:06:13PM %2B0100 References: <m0zx5rP-0000fOC@hcswork.hcs.de> <199901041906.UAA01275@yedi.iaf.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 04, 1999 at 08:06:13PM +0100, Wilko Bulte wrote: > As Hellmuth Michaelis wrote... > > >From the keyboard of Wilko Bulte: > > > > > Why is it that isdnd requires the regprog to live under /etc/isdn? > > > > I thought it were a bit more secure. > > Security is a concern, true. It would be the (sick) hack of the century if you could > stick a regexp/regprog in somebody's isdnd.rc that did (e.g) 'dd if=/dev/zero > of=/dev/rsd0c' Shudder ... :-((( > or something similar after you called him :-\ I'm a bit doubtful > whether it makes much difference if the regprog is in /etc/isdn or somewhere else. You are right. > In that respect I'd say it might make sense to not execute the regprog as root. > It looks like isdnd/exec.c just execs whatever you feed it. Maybe a setuid(nobody) > first? Something like that - on the other side: who should be permitted to access /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn" to /etc/groups? I really didn't thought about all this stuff much, what do other people think about that ? Thoughts, comments ? hellmuth -- Hellmuth Michaelis Tel +49 40 559747-70 HCS Hanseatischer Computerservice GmbH Fax +49 40 559747-77 Oldesloer Strasse 97-99 Mail hm [at] hcs.de 22457 Hamburg WWW http://www.hcs.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990104204911.B5702>