From owner-freebsd-isdn Mon Jan 4 11:46:30 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA24622 for freebsd-isdn-outgoing; Mon, 4 Jan 1999 11:46:30 -0800 (PST) (envelope-from owner-freebsd-isdn@FreeBSD.ORG) Received: from hcshh.hcs.de (hcshh.hcs.de [194.123.40.1]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA24616 for ; Mon, 4 Jan 1999 11:46:28 -0800 (PST) (envelope-from hm@hcs.de) Received: from hcswork.hcs.de([192.76.124.5]) (2224 bytes) by hcshh.hcs.de via sendmail with P:smtp/R:inet_hosts/T:smtp (sender: ) id for ; Mon, 4 Jan 1999 20:45:46 +0100 (MET) (Smail-3.2.0.101 1997-Dec-17 #2 built 1998-Jun-26) Received: by hcswork.hcs.de (Smail3.1.29.0 #12) id m0zxFzz-0000fNC; Mon, 4 Jan 99 20:49 MET Date: Mon, 4 Jan 1999 20:49:11 +0100 From: Hellmuth Michaelis To: freebsd-isdn@FreeBSD.ORG Subject: Re: regexp program Message-ID: <19990104204911.B5702@hcswork.hcs.de> Reply-To: hm@hcs.de Mail-Followup-To: freebsd-isdn@FreeBSD.ORG References: <199901041906.UAA01275@yedi.iaf.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: <199901041906.UAA01275@yedi.iaf.nl>; from Wilko Bulte on Mon, Jan 04, 1999 at 08:06:13PM +0100 Organization: HCS Hanseatischer Computerservice GmbH Sender: owner-freebsd-isdn@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jan 04, 1999 at 08:06:13PM +0100, Wilko Bulte wrote: > As Hellmuth Michaelis wrote... > > >From the keyboard of Wilko Bulte: > > > > > Why is it that isdnd requires the regprog to live under /etc/isdn? > > > > I thought it were a bit more secure. > > Security is a concern, true. It would be the (sick) hack of the century if you could > stick a regexp/regprog in somebody's isdnd.rc that did (e.g) 'dd if=/dev/zero > of=/dev/rsd0c' Shudder ... :-((( > or something similar after you called him :-\ I'm a bit doubtful > whether it makes much difference if the regprog is in /etc/isdn or somewhere else. You are right. > In that respect I'd say it might make sense to not execute the regprog as root. > It looks like isdnd/exec.c just execs whatever you feed it. Maybe a setuid(nobody) > first? Something like that - on the other side: who should be permitted to access /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn" to /etc/groups? I really didn't thought about all this stuff much, what do other people think about that ? Thoughts, comments ? hellmuth -- Hellmuth Michaelis Tel +49 40 559747-70 HCS Hanseatischer Computerservice GmbH Fax +49 40 559747-77 Oldesloer Strasse 97-99 Mail hm [at] hcs.de 22457 Hamburg WWW http://www.hcs.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message