On Tuesday 11 June 2002 10:27 pm, Tom Eastep wrote: > On Tue, 11 Jun 2002, Antony Stone wrote:
> > Well, on my system at least (Slackware 8.0), /proc/net/arp has > > permissions -r--r--r-- so anyone can read it. The arp program is in > > /sbin, so it can only be run by root. > > Are you saying that Slack secures /sbin against access by non-root users > or the files there from being executed by non-root users? Not so on > RedHat: > > Note that /sbin isn't in non-root's PATH so by default an absolute path > name must be used. But: Okay - turns out I'm telling you Slackware's the same - I just naively assumed that when someone decided not to include /sbin on non-root user PATH, then they would have given it permissions dr-xr-x--- to stop non-root users getting at the juicy commands inside. Just shows you something you think is security is just obscurity :-) Antony.
