Hi,
You probably have /sbin/shutdown set suid, because on all my Gentoo
boxes, normal users can't run it, only root can run it. (Permission
denied). What is the output of ls -al /sbin/?
Greets,
Frank
Paweł Madej wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Today i've noticed that common user do not have /sbin and /usr/sbin dirs
in their PATH but they can start all the tasks from that directories for
example on server machine someone could make /sbin/shutdown and turn the
server off. For me it is very big security hole.
Maybe it has to be set like that, maybe I'm wrong, but if so please tell
me why.
- --
Paweł Madej aka Nysander
Member of QuanTeam | RLU #357047
http://wiki.quanteam.info | Gentoo Linux User
http://forum-farmaceutyczne.org | GPG key: 5861680B
| keyserver: http://pgp.mit.edu
Kielce, Poland | UTF-8 Email Preferred
Looking to buy: 6x 73 GB UW3/Ultra160 SCSI 80 pin (SCA)
..::||::.. pair of PentiumIII Slot1 1GHz/ FSB 100 processors
..::||::.. 2x 256 MB SDRAM ECC Registered
Got any of this mail me, with prize and shipping costs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDzO4vgvSMglhhaAsRAid1AJ9UU8uKgDmXVzGWCu+wtiCsutvg3wCeODEQ
WNtJXfOxciZCwNB/UwmtLyQ=
=hMHo
-----END PGP SIGNATURE-----
--
gentoo-dev@gentoo.org mailing list
