Date:      Mon, 22 Jan 1996 13:16:15 +0100 (MET)
From:      Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To:        mpp@mpp.minn.net (Mike Pritchard)
Cc:        davidg@Root.COM, imp@village.org, hackers@freebsd.org, dworkin@rover.village.org
Subject:   Re: Security (was: Re: Two commands: icat and ils)
Message-ID:  <199601221216.NAA05095@labinfo.iet.unipi.it>
In-Reply-To: <199601221142.FAA18087@mpp.minn.net> from "Mike Pritchard" at Jan 22, 96 05:42:32 am

> Luigi Rizzo wrote:
> > > 
> > >    That's not the reason they have read permissions removed. It's common for
> > > people to have /sbin in their path - to pick up useful utilities which
> > > probably shouldn't be in /sbin anyway (like ifconfig and ping, for example),
> > > and executing /sbin/init by accident is not a good thing.
> > 
> > Two objections:
> > 
> > 1) just make /sbin/init mode 544 then. Actually, shouldn't it work
> >    even if it has mode 444 ?
> > 2) would it be that hard to fix init so as to quit if it's not
> >    appropriate for it to run (e.g. check process id, another instance
> >    running, etc.)? I am asking because I don't know what the
> >    implications are, but if the consequences are so bad...
> 
> Actually, init already does this.  Here are the first few
> lines of code from init.c:
> 
> 	/* Dispose of random users. */
> 	if (getuid() != 0) {
> 		(void)fprintf(stderr, "init: %s\n", strerror(EPERM));
> 		exit (1);
> 	}
> 
> 	/* System V users like to reexec init. */
> 	if (getpid() != 1) {
> 		(void)fprintf(stderr, "init: already running\n");
> 		exit (1);
> 	}

so it seems that there is really no point in keeping the current
protection modes.

	Luigi
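As an added illustration (this is not code from the thread or from FreeBSD's init.c), the two pre-flight checks Mike quotes can be factored into a function that returns a verdict instead of calling exit(), which makes the "refuse to run when the preconditions are wrong" rule unit-testable without being root or pid 1. A second helper answers Luigi's mode-544-versus-444 question by evaluating the plain discretionary execute bits for a given caller. The names init_preflight, init_verdict_message, mode_allows_exec and the INIT_* enum are assumptions of this example.

```c
/*
 * Added example, not the original init.c: the quoted uid/pid checks as a
 * pure function, plus a helper that evaluates the execute bits of a mode.
 * All names here (init_preflight, mode_allows_exec, INIT_*) are invented
 * for the illustration.
 */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

enum init_verdict {
    INIT_OK = 0,              /* both checks passed */
    INIT_NOT_ROOT = 1,        /* "Dispose of random users." */
    INIT_ALREADY_RUNNING = 2  /* "System V users like to reexec init." */
};

/* Same decision as the quoted init.c fragment, but the uid and pid are
 * passed in so the logic can be exercised from an ordinary process. */
enum init_verdict init_preflight(uid_t uid, pid_t pid)
{
    if (uid != 0)
        return INIT_NOT_ROOT;
    if (pid != 1)
        return INIT_ALREADY_RUNNING;
    return INIT_OK;
}

/* The message init.c prints for each verdict (strerror(EPERM) for the
 * non-root case, a fixed string for the reexec case). */
const char *init_verdict_message(enum init_verdict v)
{
    switch (v) {
    case INIT_OK:              return "ok";
    case INIT_NOT_ROOT:        return strerror(EPERM);
    case INIT_ALREADY_RUNNING: return "already running";
    }
    return "unknown";
}

/* Classic discretionary execute check on the mode bits alone: the owner
 * class applies to the owner, the group class to group members, and the
 * "other" class to everyone else.  No root override is modelled here,
 * because the question in the thread is about the file's own mode. */
int mode_allows_exec(mode_t mode, int is_owner, int in_group)
{
    if (is_owner)
        return (mode & S_IXUSR) != 0;
    if (in_group)
        return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

int main(void)
{
    enum init_verdict v = init_preflight(getuid(), getpid());
    printf("this process: %s\n", init_verdict_message(v));
    printf("mode 0544, owner: exec=%d\n", mode_allows_exec(0544, 1, 0));
    printf("mode 0544, other: exec=%d\n", mode_allows_exec(0544, 0, 0));
    printf("mode 0444, owner: exec=%d\n", mode_allows_exec(0444, 1, 0));
    return 0;
}
```

Run as an unprivileged user the program reports the EPERM message, and run as root but not as pid 1 it reports "already running", which is exactly the behaviour Mike's quote describes. The mode helper shows that 0544 lets the owner (root) execute the file while denying group and others, whereas 0444 sets no execute bit in any class, so nothing could exec the binary under the plain mode check.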


