
Re: su message



Ethan Benson <erbenson@alaska.net> wrote:
>On Tue, Jun 12, 2001 at 10:21:27AM +0100, Colin Watson wrote:
>> I take it just symlinking /dev/log to /dev/null and throwing away
>> messages isn't acceptable?
>
>um...
>
>$ ls -l /dev/log
>srw-rw-rw-    1 root     root            0 Jun 11 06:26 /dev/log
>
>it's a socket, so a symlink to /dev/null will still result in a
>-ECONNREFUSED causing the message to go to the console again.  
>
>yes i just tried this.  

Right, I didn't check.

>> If you can set debconf questions in that phase of the installation, you
>> could set man-db/build-database to false, but you'd have to cause it to
>> be built later on.
>> 
>> Failing that, maybe I can have mandb attempt to setuid(man) if it's
>> processing only system manpaths, and lose the su.
>
>it's already setuid, setuid doesn't work for dropping privileges, only
>gaining them.

Not as in 'chmod u+s', as in the system call. If setuid(2) doesn't work
for dropping privileges, we're all in trouble.

Besides, mandb is not setuid by default.

>i think a better solution is using start-stop-daemon --chuid man
>instead of su.  it won't set up the environment but mandb shouldn't
>care no?  start-stop-daemon will do what you want -- changing to uid
>man -- without the logging cruft. 

That might well be neater. Thanks.

-- 
Colin Watson                                     [cjw44@flatline.org.uk]
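
The setuid(2) route discussed above, sketched in C as an added example; it is not code from this thread or from man-db. The function names drop_privileges and privileges_dropped are hypothetical, and the default account "man" is the one named in the thread.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if real and effective uid/gid all equal the target, else 0. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: groups first, then gid, then uid, because once the
 * uid is no longer 0 the process may not change its groups any more. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may rewrite the supplementary group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* Called with euid 0, setuid(2) sets real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;
    /* If a saved uid of 0 had survived, this call would succeed. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return privileges_dropped(uid, gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "man";  /* account from the thread */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Every return value is checked because a setuid(2) call that fails silently leaves the process running as root.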


