Re: logrotate: three questions
On Sun, Feb 15, 2004 at 12:20:26PM -0700, Monique Y. Herman wrote:
> On 2004-02-15, Joey Hess penned:
> > That would be a violation of debian policy, and is not the case on any
> > of my systems.
> >
> > -rwxr-xr-x 1 root root 33K Oct 9 2002 /usr/sbin/logrotate*
>
> Well, Bastille locked those permissions down for me.
Oh, God, why on earth?
> The question is, was Bastille being overly paranoid, or can logrotate
> be exploited when it's world-executable?
No executable that isn't set-user-id or set-group-id can ever let you do
anything you couldn't do yourself anyway. This is why Debian policy says
that non-set-id executables shouldn't have restrictive permissions.
I'd file a bug with the Bastille people.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
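
An added example, not part of the original message: a Python audit that separates set-id executables, whose permissions do guard a privilege boundary, from non-set-id executables that have been given restrictive modes, as Bastille did to logrotate here. The function names, category labels and default directory are assumptions chosen for this illustration.

```python
import os
import stat
import sys

SET_ID = stat.S_ISUID | stat.S_ISGID
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def classify(mode):
    """Classify an st_mode value (category labels are hypothetical)."""
    if not stat.S_ISREG(mode) or not mode & ANY_EXEC:
        return "not-executable"
    if mode & SET_ID:
        # Runs with the owner's or group's identity, so who may execute
        # it is a real access-control decision.
        return "set-id"
    if mode & stat.S_IXOTH:
        return "world-executable"
    # Runs with the caller's own identity; the tightened mode grants
    # nothing and only stops ordinary users from running the tool.
    return "restricted-non-set-id"


def audit(root):
    """Return {category: [paths]} for the files found under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            report.setdefault(classify(mode), []).append(path)
    return report


if __name__ == "__main__":
    # Default directory is an assumption; pass another as the first argument.
    found = audit(sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin")
    for category in ("set-id", "restricted-non-set-id"):
        for path in sorted(found.get(category, [])):
            print(f"{category}\t{path}")
```
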