Permissions on "fp/lib/config" [was: Re: Security Issues with filePro]

Jay R. Ashworth jra at baylink.com
Wed May 26 10:31:28 PDT 2004


On Fri, Nov 28, 2003 at 01:27:18AM -0500, Kenneth Brody wrote:
> Quoting Bob Stockler <bob at trebor.iglou.com>:
> [...]
> > My /fp/lib/config file is owned by the user "filepro" and
> > has rw permissions for the owner only, and it seems to be
> > working OK (apparently for a long time now).
> >
> > I don't know when or how it got set that way.
> >
> > I also don't know why it should be set any other way.  Its
> > contents are of interest only to filePro programs, so I
> > don't see why filePro would not function properly if its
> > permissions were any different from what I have.
> [...]
> 
> It needs to be world-readable, or else runmenu can't read it.  (Which
> may not be a requirement in your particular setting.  But, imagine a
> setup with PFMENU in the config file, for example.)

I note that runmenu is *not* SUID, which surprised me.  What breaks if
you set it that way?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

        Come see Linux Gazette in our new home: www.linuxgazette.net!


More information about the Filepro-list mailing list