> > Putting the actual name of the script to be run in the SERVICE
> > variable opens up the possibility of running arbitrary code if the
> > interface config file can be compromised. Certainly that file
> > should be write protected, but even so this just expands the "attack
> > surface". It should at least have mode 600 root:root, and probably
> > even be in an "invisible" directory.
>
> It is 644 root:root now. I don't see how the read bits change
> anything.

"The curious thing was the dog in the night."
"But, Holmes, the dog did nothing in the night."
"That was the curious thing."

"Out of sight, out of mind." If someone can't see how it works it's that much harder to see a possible attack on its weakness. It's the other side of the "social engineering" coin that is so effective in phishing.

> > The service directory should probably also be invisible.
>
> Security by obscurity is not really effective.

True enough, it doesn't *create* security. Nevertheless, camouflage is an effective tactic in warfare, even hunting.

> > Arguably, even if it would be harder to maintain, that "service"
> > should probably be isolated by matching it in a case statement in
> > ifup, then ifup would have the actual script's path and parameters

My rules: I changed it to use a case statement. I accept the responsibility for changing it if I add a new service.

> > internally. "Ease of use" has opened up many holes. This looks
> > like one.
>
> Your concerns seem to be about situations where a hacker already
> has root.

Not at all. The fact remains, whatever is in the SERVICE variable will be executed with root privileges by init, however it got that way, whatever damage it may wreak, and it's not necessary.

--
Paul Rogers
[email protected]
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

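The case-statement dispatch discussed in this thread, sketched as an added example; it is not part of the original message and is not the LFS ifup script. The service directory, the two service names and the `<script> <iface> up` argument order are assumptions.

```shell
#!/bin/sh
# Added illustration, not the LFS ifup script.
# SERVICE_DIR and the service names below are assumptions.
SERVICE_DIR="${SERVICE_DIR:-/lib/services}"

# Map the SERVICE value read from an interface config file to a script
# path that lives in this script, not in the config file.
# Prints the path and returns 0 for a known name; returns 1 otherwise.
resolve_service() {
    case "$1" in
        ipv4-static) printf '%s\n' "$SERVICE_DIR/ipv4-static" ;;
        dhcpcd)      printf '%s\n' "$SERVICE_DIR/dhcpcd" ;;
        *)           return 1 ;;
    esac
}

# $1 = interface name, $2 = SERVICE value taken from the config file.
# With DRY_RUN=1 the command line is printed instead of executed.
run_service() {
    script=$(resolve_service "$2") || {
        echo "ifup: unknown service '$2' for $1, refusing to run" >&2
        return 1
    }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s %s up\n' "$script" "$1"
    else
        "$script" "$1" up
    fi
}
```

Because the config value is only ever compared against literal patterns, a value that is not one of the listed names never reaches the command line; adding a service means editing this script.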