Re: /etc/init.d scripts WAS: Re: start-stop-daemon on Debian (fwd)

[Brock Rozen <brozen@torah.org>]

On Mon, 19 Apr 1999, Raul Miller wrote:

> > > Consider su -c /etc/init.d/blah
>  
> > And if the PATH wasn't appended, how would su -c /etc/init.d/blah be any
> > different, except that it may not run?
> 
> So?  It's not as if su -c is the only issue involved.  And, not running
> is only relevant before these other issues are addressed.

I fail to see what your point is. You told me to consider something in
light of what I am proposing. I replied that I did and that I could see no
change in behavior. And then you reply "So?"

What am I missing?

> > If that's desired behavior, because we want to force users to not be
> > able to issue commands like that (even if they so desire) then that's
> > one thing. OTOH, it's not only a matter of root's PATH being changed
> > like everyone is making it out to be. The above su command is a good
> > example of another case where the proper PATH might not be available
> > unless the script appends what it needs.
> 
> Except that you always need to think about security implications when
> dealing with activity which system priviledges.

Fine -- and what are the security implications here? Or are you just
saying, "I'm not sure there are any, but keep it in mind and try to find
them." ??

Thanks,

-- 
Brock Rozen                                              brozen@torah.org
Director of Technical Services                              (410)358-9800
Project Genesis                                     http://www.torah.org/