
Re: ipchains



On Wed, Mar 28, 2001 at 09:11:41AM +0000, Christopher Clark wrote:
> On the uk.comp.os.linux newsgroup recently, a gentleman remarked that he 
> re-initialised his (type -P input DENY style ) firewall every ten minutes 
> from a cron job.  When asked why, he said because of ipchains -F; ipchains -X.
> In other words flush rules one by one then delete rules one by one.  It 
> seems my /sbin/ipchains is 755 root root.  i.e. anybody on the inside can 
> remove my firewall.
> Hopefully I am missing something.

<guessing> when an executable program has permissions 755 then
anyone can run it -- very true. BUT in order to effect some
system-wide change, you may need certain privileges ON TOP of
that. for example, "psql" is executable by anyone, but unless you
have a valid postgresql id to access a certain database, you
can't get in. same would be true (i'd bet money on it) for
changing system settings like firewall, port forwarding, etc.
</guessing>

try munging your firewall as a normal user and see if it lets you
do so.

	% ls -l `which ipchains`
	-rwxr-xr-x   1 root   root    38416 Apr 24  2000 /sbin/ipchains
	% ipchains -L
	ipchains: Permission denied


-- 
It is always hazardous to ask "Why?" in science, but it is often
interesting to do so just the same.
		-- Isaac Asimov, 'The Genetic Code'

will@serensoft.com
http://newbieDoc.sourceforge.net/ -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
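
Added example, not part of the original message: a shell check for the distinction discussed in this thread, that mode 755 only lets anyone start the binary while the kernel decides on the caller's privilege. It assumes Linux with GNU stat and /proc, and treats root or CAP_NET_ADMIN (capability bit 12) as the privilege required for network administration; a given tool may need further capabilities. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes Linux, GNU stat, /proc.

# True if an octal mode string (as printed by `stat -c %a`) has the setuid bit.
has_setuid() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# True if a CapEff hex mask from /proc/<pid>/status includes CAP_NET_ADMIN,
# which is capability number 12.
has_net_admin() {
    [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# verdict EUID MODE OWNER_UID CAPEFF
# Classifies where, if anywhere, network-admin privilege would come from.
verdict() {
    euid=$1 mode=$2 owner=$3 capeff=$4
    if [ "$euid" -eq 0 ] || has_net_admin "$capeff"; then
        echo "privileged: caller is root or holds CAP_NET_ADMIN"
    elif has_setuid "$mode" && [ "$owner" -eq 0 ]; then
        echo "privileged: binary is setuid root"
    else
        echo "unprivileged: execute bit alone grants nothing"
    fi
}

# Gather the live values for a tool path and the current shell, then classify.
audit_tool() {
    mode=$(stat -c %a "$1") || return 1
    owner=$(stat -c %u "$1") || return 1
    capeff=$(awk '/^CapEff:/ {print $2}' "/proc/$$/status")
    verdict "$(id -u)" "$mode" "$owner" "$capeff"
}

# Usage: sh audit.sh /sbin/ipchains   (the script name is an assumption)
if [ $# -gt 0 ]; then
    audit_tool "$1"
fi
```

The second branch is the case worth auditing for: a firewall tool that is setuid root would hand rule changes to any local user, which plain 755 does not.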


