On Sat, 2006-11-25 at 18:17 -0600, Casey Harkins wrote:
> Brian Eaton wrote:
> > - the script must be a regular file (not a symlink), and must be owned 
> > by root.
> 
> This one is incorrect. We install a script (which auto configures our 
> network printers at our offices) to /usr/sbin and create a symlink from 
> the dispatcher.d directory to this script and it works perfectly.
> 
> > 
> > - the script must be writable only by root, and must not be setuid
> I'm not sure if this is the case either (haven't tested nor looked at 
> the code), but I would guess this isn't a requirement, though certainly 
> best practice.

There are some checks in the dispatcher to be pretty strict about what's
being executed...

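static inline gboolean nmd_permission_check (struct stat *s)
{
        /* must be a regular file */
        if (!S_ISREG (s->st_mode))
                return FALSE;
        /* must be owned by root */
        if (s->st_uid != 0)
                return FALSE;
        /* must not be group- or world-writable, and must not be setuid */
        if (s->st_mode & (S_IWGRP|S_IWOTH|S_ISUID))
                return FALSE;
        /* must be executable by its owner */
        if (!(s->st_mode & S_IXUSR))
                return FALSE;
        return TRUE;
}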

Dan


> 
> -casey
> _______________________________________________
> NetworkManager-list mailing list
> [email protected]
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
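
The checks quoted in the message, as an added example (not NetworkManager code and not part of the original thread): it reports which check a file fails, and shows that S_ISREG rejects a symlink only when the struct stat was filled by lstat(). Whether the dispatcher calls stat() or lstat() is not shown in the thread; the names nmd_check_reason, check_path and symlink_demo and the result codes are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), symlink(), mkstemp(), S_IF* */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not NetworkManager code; all names here are hypothetical.
 * Result codes follow the order of the checks quoted in the message. */
enum nmd_reason { NMD_OK, NMD_STAT_FAILED, NMD_NOT_REGULAR, NMD_NOT_ROOT, NMD_BAD_MODE, NMD_NOT_EXEC };

static enum nmd_reason nmd_check_reason(const struct stat *s)
{
    if (!S_ISREG(s->st_mode))                       return NMD_NOT_REGULAR;
    if (s->st_uid != 0)                             return NMD_NOT_ROOT;
    if (s->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) return NMD_BAD_MODE;
    if (!(s->st_mode & S_IXUSR))                    return NMD_NOT_EXEC;
    return NMD_OK;
}

/* follow != 0 uses stat() (describes a symlink's target); 0 uses lstat() (the link itself). */
static enum nmd_reason check_path(const char *path, int follow)
{
    struct stat s;
    if ((follow ? stat(path, &s) : lstat(path, &s)) != 0) return NMD_STAT_FAILED;
    return nmd_check_reason(&s);
}

/* Makes a temp regular file and a symlink to it (constructed sample input).
 * Returns 1 when only the lstat() path reports NMD_NOT_REGULAR, -1 on error. */
static int symlink_demo(void)
{
    char target[] = "/tmp/nmd_demo_XXXXXX", link[64];
    int fd = mkstemp(target);
    if (fd < 0) return -1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", target);
    if (symlink(target, link) != 0) { unlink(target); return -1; }
    int lstat_rejects = check_path(link, 0) == NMD_NOT_REGULAR;
    int stat_rejects  = check_path(link, 1) == NMD_NOT_REGULAR;
    unlink(link); unlink(target);
    return lstat_rejects && !stat_rejects;
}

int main(void)
{
    printf("symlink fails S_ISREG only under lstat(): %d\n", symlink_demo());
    return 0;
}
```

With stat(), the ownership and mode checks apply to the symlink's target, so it is the target that has to be root-owned and not group- or world-writable.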
