From owner-cvs-usrsbin Mon Aug 26 08:39:17 1996 Return-Path: owner-cvs-usrsbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA19730 for cvs-usrsbin-outgoing; Mon, 26 Aug 1996 08:39:17 -0700 (PDT) Received: from precipice.shockwave.com (ppp-206-170-5-89.rdcy01.pacbell.net [206.170.5.89]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA19714; Mon, 26 Aug 1996 08:39:05 -0700 (PDT) Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id IAA12326; Mon, 26 Aug 1996 08:38:44 -0700 (PDT) Message-Id: <199608261538.IAA12326@precipice.shockwave.com> To: "Rodney W. Grimes" cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-etc@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org Subject: Re: cvs commit: src/etc/mtree BSD.var.dist src/usr.sbin/rwhod rwhod.c In-reply-to: Your message of "Sun, 25 Aug 1996 22:25:14 PDT." <199608260525.WAA18244@GndRsh.aac.dev.com> Date: Mon, 26 Aug 1996 08:38:44 -0700 From: Paul Traina Sender: owner-cvs-usrsbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Introduce NFS and you eliminate security anyway. It's actually 775 daemon.daemon I believe. If you have a better suggestion, I'm all ears. It's currently a compromise. From: "Rodney W. Grimes" Subject: Re: cvs commit: src/etc/mtree BSD.var.dist src/usr.sbin/rwhod rwhod >>.c > pst 96/08/25 14:37:12 > > Modified: etc/mtree BSD.var.dist > usr.sbin/rwhod rwhod.c > Log: > Fix buffer overrun, and run as nobody Hummm... I take it that you set /var/rwho nobody:whoever mode 755, which now means /var/rwho is open for writting into if /var is NFS exported... and all the datafiles will be smashable by other NFS hosts :-(. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD