Date: Tue, 24 Jul 2001 03:59:21 +0100 From: Brian Somers <brian@Awfulhak.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org Subject: Re: cvs commit: src/usr.sbin/pppd Makefile Message-ID: <200107240259.f6O2xLg76664@hak.lan.Awfulhak.org> In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.org> of "Mon, 23 Jul 2001 19:37:49 PDT." <200107240237.f6O2bn727783@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This should probably be installed as root:network with mode 4554.
The network group was created for programs such as this.
Mode 4550 is wrong because it breaks if /usr is mounted as an NFS
filesystem with root mapped to uid -2.
You could also argue that this program should not have the uid bit
set and should only be run by root :*P
I can't remember why I never changed this to use group network....
> kris 2001/07/23 19:37:49 PDT
>
> Modified files:
> usr.sbin/pppd Makefile
> Log:
> Install this mode 4550 owned by group dialer; there is unsafe code
> in the signal handlers which may pose a risk when executable by untrusted
> users.
>
> Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
> MFC After: 3 days
>
> Revision Changes Path
> 1.23 +4 -2 src/usr.sbin/pppd/Makefile
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107240259.f6O2xLg76664>