[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /etc/init.d scripts WAS: Re: start-stop-daemon on Debian (fwd)

On Sun, 18 Apr 1999, Raul Miller wrote:

> I think that the append mechanism is bad because there are a number of
> contexts where this isn't the best solution.
> 
> > The parents PATH would be inherited anyhow, wouldn't it? So we're
> > doing what to it that reduces security?
> 
> Consider su -c /etc/init.d/blah

And if the PATH wasn't appended, how would su -c /etc/init.d/blah be any
different, except that it may not run?

If that's desired behavior, because we want to force users to not be able
to issue commands like that (even if they so desire) then that's one
thing. OTOH, it's not only a matter of root's PATH being changed like
everyone is making it out to be. The above su command is a good example of
another case where the proper PATH might not be available unless the
script appends what it needs.

-- 
Brock Rozen                                              brozen@torah.org
Director of Technical Services                              (410)358-9800
Project Genesis                                     http://www.torah.org/
Reply to: