Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Jun 1998 16:09:23 -0300 (EST)
From:      Joao Carlos Mendes Luis <jonny@jonny.eng.br>
To:        bde@zeta.org.au (Bruce Evans)
Cc:        bde@zeta.org.au, peter@netplex.com.au, brian@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG
Subject:   Re: cvs commit: src/usr.sbin/ppp Makefile
Message-ID:  <199806101909.QAA16587@roma.coe.ufrj.br>
In-Reply-To: <199806100823.SAA02784@godzilla.zeta.org.au> from Bruce Evans at "Jun 10, 98 06:23:40 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
#define quoting(Bruce Evans)
// >> I suppose `chmod a+r' is the correct fix for other executables that
// >> can't be run by root over nfs or backed up by group operator:
// >> 
// >> -r-x------  1 bin   bin       208896 Jun  4 17:50 sbin/init*
// >> -r-sr-x---  1 root  operator  147456 May 30 18:37 sbin/shutdown*
// >> ---s--x--x  2 root  bin       466944 May 30 18:36 usr/bin/sperl4.036*
// >> ---s--x--x  2 root  bin       466944 May 30 18:36 usr/bin/suidperl*
// >> -r-sr-x---  1 uucp  uucp      225280 May 30 18:30 usr/libexec/uucp/uuxqt*
// >> -r-sr-x---  1 root  network   389120 Jun  4 17:27 usr/sbin/ppp*
// >> -r-sr-x---  1 root  network   180224 May 30 18:44 usr/sbin/sliplogin*
// >> -r-x------  1 bin   bin       114688 May 13 05:05 usr/sbin/watch*
// >
// >NFS has permission hackery to convert an 'x' into an 'r' bit for files so
// >they can be read for execution.
// 
// Only for certain 'x' bits.  suidperl works, but ppp with the above
// permissions fails with a SIGSEGV and a kernel printf for anyone except
// root in group network because execve() thinks it can exec the file but
// vm doesn't allow reading it.  It fails cleanly for root because root
// is nobody over nfs.

Anyway, why disallow reading of files that everybody can get at
ftp.freebsd.org ?  :)

This remembers me of a lab nearby which decided to disallow users
to use ftp, so they changed the ftp executable flags.  The only
result they got is that every user with at least a two-digit IQ
got a ftp executable in his account.  :)

					Jonny

--
Joao Carlos Mendes Luis            M.Sc. Student
jonny@jonny.eng.br                 Universidade Federal do Rio de Janeiro

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806101909.QAA16587>