On Thu, May 16, 2013 at 08:39:41PM +0100, Stuart Henderson wrote:
> On 2013/05/16 14:10, Jiri B wrote:
> > Is it wise to allow every user execute zzz? If apmd
> > is running this makes machine suspend, works even via
> > ssh.
>
> restricting the binary permissions is pointless.
>
> restricting the permissions on /var/run/apmdev on the other hand,
> would be a good idea....I wonder if someone already thought of that! :-)
Ah, the group is 'wheel' on the socket. One normally doesn't
assign "other" users to wheel group. So I think it's ok, forget
my previous approach.
jirib
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/apm/Makefile,v
> > retrieving revision 1.14
> > diff -u -p -r1.14 Makefile
> > --- Makefile 26 Mar 2012 20:17:43 -0000 1.14
> > +++ Makefile 16 May 2013 18:07:54 -0000
> > @@ -18,6 +18,9 @@ LINKS+= ${BINDIR}/apm ${BINDIR}/ZZZ
> > NOPROG=yes
> > .endif
> >
> > +BINOWN= root
> > +BINGRP= operator
> > +BINMODE=0550
> > MAN= apm.8
> > MANSUBDIR=amd64 i386 loongson macppc sparc sparc64 zaurus
> > MLINKS= apm.8 zzz.8 apm.8 ZZZ.8
