Re: /etc/init.d scripts WAS: Re: start-stop-daemon on Debian (fwd)
On Mon, 19 Apr 1999, Raul Miller wrote:
> > > Consider su -c /etc/init.d/blah
>
> > And if the PATH wasn't appended, how would su -c /etc/init.d/blah be any
> > different, except that it may not run?
>
> So? It's not as if su -c is the only issue involved. And, not running
> is only relevant before these other issues are addressed.
I fail to see what your point is. You told me to consider something in
light of what I am proposing. I replied that I did and that I could see no
change in behavior. And then you reply "So?"
What am I missing?
> > If that's desired behavior, because we want to force users to not be
> > able to issue commands like that (even if they so desire) then that's
> > one thing. OTOH, it's not only a matter of root's PATH being changed
> > like everyone is making it out to be. The above su command is a good
> > example of another case where the proper PATH might not be available
> > unless the script appends what it needs.
>
> Except that you always need to think about security implications when
> dealing with activity which system priviledges.
Fine -- and what are the security implications here? Or are you just
saying, "I'm not sure there are any, but keep it in mind and try to find
them." ??
Thanks,
--
Brock Rozen brozen@torah.org
Director of Technical Services (410)358-9800
Project Genesis http://www.torah.org/
Reply to: