[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: overwrite any file with updatedb

On Tue, Mar 03, 1998 at 10:15:12AM -0500, Bryan Andregg wrote:
> On Tue, 3 Mar 1998 10:39:05 +0100 (CET), Remco Blaakmeer wrote: 
> >I don't have a Red Hat system at hands to test this, so let me tell you
> >what it's like on a Debian pre-2.0 system, which I am currently using.
> >
> >On my system, this bug is present.
> >
> >Daily, cron runs "run-parts /etc/cron.daily" as root. In this directory is
> >a file named "find" with these contents:
> >
> And as has been pointed out this is "A Bad Thing"(tm) however on a Red Hat 
> system >= 4.2 this runs as nobody so it isn't an immediate issue.

This needs to be corrected.  /etc/cron.daily/find runs as root.  That's
correct, but if yo u look into it, you'll find

	su nobody -c "updatedb"

So on Debian systems it runs as 'nobody', too.



  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg  /
 / If you come from outside of Finland, you live in wrong country /
/ Featuring Debian GNU/Linux               motd von irc.funet.fi /

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: