> When nohup runs a program whose output is a terminal, it redirects
> stdout and stderr to a file named nohup.out in the current
> directory.

So far so good.

> What would stop someone from creating a symlink called nohup.out
> that points to /etc/passwd or some other important file, and then
> waiting for root to run nohup?

Absolutely nothing at all would prevent that.  Using superuser access
comes with a responsibility.  Of course we should strive to avoid
using root except when we need it.  And when it is used the user must
be careful.

Note that nohup *appends* to nohup.out and does not change permissions
if it exists.  Therefore you could only get the output of a root run
command to appear appended to a file.  I believe you were expecting it
to truncate the /etc/passwd file and that won't happen.

> Hopefully I'm missing something, but if I'm not, I think this
> qualifies as a bug.

I believe it was Andrew Koenig who once proposed the following thought
problem (originally about C programming, but it applies here too)
which I will paraphrase from memory.  Have you ever cut yourself on a
kitchen knife?  [Of course we all have at one time or another.]  Could
you design a new kitchen knife that you could not cut yourself with?
Would you use such a knife yourself?

I do not believe there is a bug here.

Bob


_______________________________________________
Bug-sh-utils mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-sh-utils
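
The following is an added example, not part of the original message or of GNU sh-utils: a pre-flight check for the append-through-symlink case discussed above, plus a wrapper that gives nohup an explicit log file so it never opens ./nohup.out. The function names check_append_target and run_detached are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original thread. Function names are hypothetical.

# check_append_target FILE
# Returns 0 if FILE is absent, or is a regular file owned by the caller and
# reached without following a symlink. Returns 1 (reason on stderr) otherwise.
check_append_target() {
    f=$1
    # -L is true for any symlink, including a dangling one that -e would miss.
    if [ -L "$f" ]; then
        echo "refusing: $f is a symlink:" >&2
        ls -ld "$f" >&2
        return 1
    fi
    [ -e "$f" ] || return 0        # absent: the redirection will create it
    if [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 1
    fi
    # -O (owned by effective uid) is an extension found in bash, dash and ksh.
    if [ ! -O "$f" ]; then
        echo "refusing: $f is owned by another user" >&2
        return 1
    fi
    return 0
}

# run_detached LOG CMD [ARGS...]
# Gives nohup an explicit, checked log file. Because stdout and stderr are no
# longer a terminal, nohup does not open ./nohup.out at all.
# The check and the open are separate steps, so keep LOG in a directory that
# only the caller can write to; the check alone cannot close that window.
run_detached() {
    log=$1
    shift
    check_append_target "$log" || return 1
    nohup "$@" >>"$log" 2>&1 </dev/null
}
```

The caller backgrounds the wrapper itself, for example `run_detached "$HOME/job.log" some_command &`, where both the log path and the command are placeholders.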
