[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] security risk... is this normal?
- Subject: Re: [cobalt-users] security risk... is this normal?
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Mon Mar 1 12:46:03 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> >
> >Do you have any examples?
>
> do a grep - there are lots of them.
grep on what? -v rpm ?
yes, 'rm' for example is very dangerous command, but you can't delete
any file not belonging to you unless you're root
Uninstaller scripts may use rm, and so what?
If one doesn't go mad and do chmod -R 777 /, it won't break anything.
>
> >Uninstaller script only remove packages installed by RPM, so it is
> > only rpm -e.
> >What other DANGEROUS commands do they have? mv, rm?
> >You give me an example of dangerous command...
> >
> > > >And that's right, but there's no point in restricting access to
> > > >uninstallers, cause rpm already cares about it.
> > >
> > > I'm not talking about the calls to RPM in the uninstaller scripts
> > > - those aren't the commands that are a potential worry for me.
> >
> >And what do you worry about?
>
> I made it clear - obviously you are playing dense on purpose.
Uninstaller scripts just run usual UNIX commands, nothing more.
Those scripts are not setuid, so one can't harm system using it.
You don't remove 'rm' cause it may delete something, right?
> >Are your users able to delete system files?
> >Any user is limited to his home directory, he just can't write
> > anywhere else.
> >Unless you have world-writeable directories somewhere, which is
> > already your bad.
>
> you're impossible. There is a POTENTIAL if someone has messed up
> permissions. I never said MY boxes were more susceptible to this
> than anyone elses.
If someone has messed up permissions on system critical files... ufff...
nothing could help him.
So I see no point in doing chmod 700 to all those uninstallers...
WBR,
Dmitry