Date: Wed, 10 Jun 1998 16:09:23 -0300 (EST) From: Joao Carlos Mendes Luis <jonny@jonny.eng.br> To: bde@zeta.org.au (Bruce Evans) Cc: bde@zeta.org.au, peter@netplex.com.au, brian@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG Subject: Re: cvs commit: src/usr.sbin/ppp Makefile Message-ID: <199806101909.QAA16587@roma.coe.ufrj.br> In-Reply-To: <199806100823.SAA02784@godzilla.zeta.org.au> from Bruce Evans at "Jun 10, 98 06:23:40 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
#define quoting(Bruce Evans) // >> I suppose `chmod a+r' is the correct fix for other executables that // >> can't be run by root over nfs or backed up by group operator: // >> // >> -r-x------ 1 bin bin 208896 Jun 4 17:50 sbin/init* // >> -r-sr-x--- 1 root operator 147456 May 30 18:37 sbin/shutdown* // >> ---s--x--x 2 root bin 466944 May 30 18:36 usr/bin/sperl4.036* // >> ---s--x--x 2 root bin 466944 May 30 18:36 usr/bin/suidperl* // >> -r-sr-x--- 1 uucp uucp 225280 May 30 18:30 usr/libexec/uucp/uuxqt* // >> -r-sr-x--- 1 root network 389120 Jun 4 17:27 usr/sbin/ppp* // >> -r-sr-x--- 1 root network 180224 May 30 18:44 usr/sbin/sliplogin* // >> -r-x------ 1 bin bin 114688 May 13 05:05 usr/sbin/watch* // > // >NFS has permission hackery to convert an 'x' into an 'r' bit for files so // >they can be read for execution. // // Only for certain 'x' bits. suidperl works, but ppp with the above // permissions fails with a SIGSEGV and a kernel printf for anyone except // root in group network because execve() thinks it can exec the file but // vm doesn't allow reading it. It fails cleanly for root because root // is nobody over nfs. Anyway, why disallow reading of files that everybody can get at ftp.freebsd.org ? :) This remembers me of a lab nearby which decided to disallow users to use ftp, so they changed the ftp executable flags. The only result they got is that every user with at least a two-digit IQ got a ftp executable in his account. :) Jonny -- Joao Carlos Mendes Luis M.Sc. Student jonny@jonny.eng.br Universidade Federal do Rio de Janeiro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806101909.QAA16587>