Re: /etc/init.d scripts WAS: Re: start-stop-daemon on Debian (fwd)
On Sun, 18 Apr 1999, Raul Miller wrote:
> I think that the append mechanism is bad because there are a number of
> contexts where this isn't the best solution.
>
> > The parents PATH would be inherited anyhow, wouldn't it? So we're
> > doing what to it that reduces security?
>
> Consider su -c /etc/init.d/blah
And if the PATH wasn't appended, how would su -c /etc/init.d/blah be any
different, except that it may not run?
If that's desired behavior, because we want to force users to not be able
to issue commands like that (even if they so desire) then that's one
thing. OTOH, it's not only a matter of root's PATH being changed like
everyone is making it out to be. The above su command is a good example of
another case where the proper PATH might not be available unless the
script appends what it needs.
--
Brock Rozen brozen@torah.org
Director of Technical Services (410)358-9800
Project Genesis http://www.torah.org/
Reply to: