Permissions on "fp/lib/config" [was: Re: Security Issues with
filePro]
Jay R. Ashworth
jra at baylink.com
Wed May 26 10:31:13 PDT 2004
On Fri, Nov 28, 2003 at 10:12:09PM -0500, Kenneth Brody wrote:
> Quoting Bob Stockler <bob at trebor.iglou.com>:
> [...]
> > Maybe I could figure it out on a non-holiday-weekend when the wine
> > was not flowing so freely, but give me a quick fix to:
> >
> > Why is runmenu not SUID "filepro" as other filePro programs are?
> > ^^^
> [...]
>
> Since you can have menus that run anything, including non-filePro things,
> why should those non-filePro things run as setuid filepro?
They shouldn't. runmenu should fork, *drop* setuser, and then exec.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
Come see Linux Gazette in our new home: www.linuxgazette.net!
More information about the Filepro-list
mailing list