On Mon, 2002-03-11 at 22:45, Ben Reser wrote:
>
> While this is probably too late for 8.2. Why don't we make msec do the
> following. Use getpwent to enumarte the passwd file and enforce
> permissions on home directories? And something similar for NIS and ldap
> users (I'm not sure if getpwent() returns these users)?
>
> This prevents hosing peoples setups but still achieves the security
> protections that msec is trying to achieve.
>
I tried to stay out of this, since I have my own little tid bits with
msec and it's course of development, but like you said. It is rather
late for any changes like that.
Anyway, getpwent() surely does...
Example in C
char _dest[80];
struct passwd *_home;
struct stat _dest_stat;
struct stat _bin_stat;
int
main(void)
{
clearenv();
setenv("PATH", "/bin:/usr/bin:/usr/local/bin", 1);
setenv("IFS", " \t\n", 1);
_home = getpwent();
strncat(_dest, _home->pw_dir, 30);
printf(" You live in %s\n", _dest);
exit(0);
}
Just have it loop(for i...) and pull a chmod() on i
> What difference does it make to the dead, the orphans, and the homeless,
> whether the mad destruction is wrought under the name of totalitarianism
> or the holy name of liberty and democracy? - Ghandi
>
Great quote : )
--
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg
"Now, smell the rain of london, it still insists...
That we bed for our purity.
As if we are pure in the rain of our contentment!
As if I can think of this no more!"
-- Jeff Buckley
