I opted for #2, since it requires no changes to existing start/stop scripts.
> 2. Enforce the sticky bit on the var directory. From Solaris' chmod(2)
> manpage:
>
> If a directory is writable and has S_ISVTX (the sticky bit)
> set, files within that directory can be removed or renamed
> only if one or more of the following is true (see unlink(2)
> and rename(2)):
>
> o the user owns the file
>
> o the user owns the directory
>
> o the file is writable by the user
>
> o the user is a privileged user
>
> (Privileged user means 'root'.) We only need to enforce the sticky bit
> if we start as root and are doing the requisite setuid(). My patch
> already has a test for this.
Patch is attached, against the current release. (diff -c, God bless
Solaris... heh)
--
Matt Behrens <[EMAIL PROTECTED]>
System Analyst, Baker Furniture
z2_py.diff.gz
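
The approach discussed in the message above, as an added example; it is not the attached patch, whose contents are not shown on this page. It is written in Python on the assumption, taken from the attachment name, that the patched script is Python. All function names and sample UIDs are hypothetical.

```python
import os
import stat


def needs_sticky_enforcement(euid, target_uid):
    """True only when started as root and about to setuid() to another user."""
    return euid == 0 and target_uid is not None and target_uid != 0


def enforce_sticky(var_dir):
    """Set S_ISVTX on var_dir, keeping all other mode bits; return the new mode."""
    # O_NOFOLLOW refuses a symlink placed where the directory should be, and
    # working on the descriptor makes fstat() and fchmod() act on one inode.
    fd = os.open(var_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
        if not mode & stat.S_ISVTX:
            os.fchmod(fd, mode | stat.S_ISVTX)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def may_remove(uid, file_owner, dir_owner, file_writable):
    """The quoted chmod(2) rule for a writable directory with S_ISVTX set."""
    return (uid == file_owner      # the user owns the file
            or uid == dir_owner    # the user owns the directory
            or file_writable       # the file is writable by the user
            or uid == 0)           # the user is a privileged user (root)


if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()         # constructed sample directory
    os.chmod(d, 0o777)
    print(oct(enforce_sticky(d)))
    # UID 1002 owns neither the file (1001) nor the directory (1000).
    print(may_remove(1002, 1001, 1000, False))
```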