On Sun, 19 Mar 2000, Philip S Tellis wrote:
>
>That's my problem. If someone telnets into my system and executes
>/sbin/shutdown, what then? Ok, I can set /sbin/shutdown as -rwx------
>and
>that will save me, but why isn't it default? This seems to be a bug in
>RedHat at least. I think everyone should check their systems to see if
>programs in /sbin and /usr/sbin are world executable.
I tried this thing just now, /sbin/shutdown -h now tells me I have to be root
to use it. However the permissions are set as 755. Confusing. I just made /sbin
and /usr/sbin 700 and the contents too. UID checking in the program?
>Lets make a list of distros that have this problem and tell them about it.
>
>Philip
>
Good idea.
Devdas Bhagat
To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the mailing list
button and fill the appropriate information
and submit. For any other queries contact the ML maintener
