Paul Rogers wrote:
> Putting the actual name of the script to be run in the SERVICE variable opens up the possibility of running arbitrary code if the interface config file can be compromised. Certainly that file should be write protected, but even so this just expands the "attack surface". It should at least have mode 600 root:root, and probably even be in an "invisible" directory.

It is 644 root:root now. I don't see how the read bits change anything.

> The service directory should probably also be invisible.

Security by obscurity is not really effective.

> Arguably, even if it would be harder to maintain, that "service" should probably be isolated by matching it in a case statement in ifup, then ifup would have the actual script's path and parameters internally. "Ease of use" has opened up many holes. This looks like one.
Your concerns seem to be about situations where a hacker already has root.

  -- Bruce
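A sketch of the case-statement approach raised in the thread, combined with an ownership and write-bit check on the interface config file. This is an added example, not code from the post or from the LFS scripts; `SERVICE_DIR`, `CONFIG_OWNER`, the function names, the two service names and the `SERVICE=name` line format are assumptions.

```shell
#!/bin/sh
# Added example (not LFS code). All paths and names below are assumptions.
SERVICE_DIR="${SERVICE_DIR:-/path/to/services}"   # placeholder directory
CONFIG_OWNER="${CONFIG_OWNER:-root}"              # expected owner of config files

# Trust a config only if it is a regular file (not a symlink), owned by the
# expected user, and not writable by group or others.
config_is_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$CONFIG_OWNER" \
            ! -perm -020 ! -perm -002 -print)" ]
}

# Extract the SERVICE value by parsing instead of sourcing the file, so
# nothing in the config is executed. Only [A-Za-z0-9_-] is accepted; a value
# containing '/' or shell metacharacters yields an empty result.
read_service() {
    sed -n 's/^SERVICE="\{0,1\}\([A-Za-z0-9_-]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# Map a service name to a fixed script path held inside this script.
# Names not listed here are rejected (service names are sample values).
resolve_service() {
    case "$1" in
        ipv4-static) printf '%s\n' "$SERVICE_DIR/ipv4-static" ;;
        dhcpcd)      printf '%s\n' "$SERVICE_DIR/dhcpcd" ;;
        *)           return 1 ;;
    esac
}

# Print the script path for a config file, or fail with a reason on stderr.
service_script_for() {
    config_is_trusted "$1" || { echo "untrusted config: $1" >&2; return 1; }
    name=$(read_service "$1")
    resolve_service "$name" ||
        { echo "service not allowed: '$name'" >&2; return 1; }
}
# Usage: script=$(service_script_for /path/to/ifconfig.eth0) && "$script" ...
```

With this layout the config file can only select among scripts the caller already knows about, so a modified `SERVICE` value cannot name a new path.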
