[gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Paweł Madej
Hello, Today I've noticed that common users do not have /sbin and /usr/sbin dirs in their PATH but they can start all the tasks from those directories, for example on a server machine someone could make /sbin/shutdown and turn the server off. For me it is

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Frank Groeneveld
Hi, You probably have /sbin/shutdown set suid, because on all my Gentoo boxes, normal users can't run it, only root can run it. (Permission denied). What is the output of ls -al /sbin/? Greets, Frank Paweł Madej wrote: Hello, Today I've

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Darryl Wagoner
Nysander, If you are running a server where untrusted users have access then you really need to understand Linux security better. I would read some books on Linux security if that is the case. Good luck Darryl On 1/17/06, Frank Groeneveld [EMAIL PROTECTED] wrote: Hi, You probably have /sbin/shutdown set

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Brian Harring
On Tue, Jan 17, 2006 at 02:17:50PM +0100, Paweł Madej wrote: Hello, Today I've noticed that common users do not have /sbin and /usr/sbin dirs in their PATH but they can start all the tasks from those directories, for example on a server machine someone could make /sbin/shutdown and turn the

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Paweł Madej
Frank Groeneveld wrote: Hi, You probably have /sbin/shutdown set suid, because on all my Gentoo boxes, normal users can't run it, only root can run it. (Permission denied). What is the output of ls -al /sbin/? Greets, Frank [EMAIL

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Richard Fish
On 1/17/06, Paweł Madej [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] ~ $ ls -al /sbin/ Please don't bother the devs with this anymore. We will be happy to explain the intricacies of unix permissions on gentoo-user. -Richard -- gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] /sbin /usr/sbin security hole

2006-01-17 Thread Drake Wyrm
Paweł Madej [EMAIL PROTECTED] wrote: Frank Groeneveld wrote: You probably have /sbin/shutdown set suid, because on all my Gentoo boxes, normal users can't run it, only root can run it. (Permission denied). What is the output of ls -al /sbin/? [EMAIL PROTECTED] ~ $ ls -al /sbin/ [snip]