makedir ownership question

Fairlight fairlite at fairlite.com
Mon Oct 31 10:03:14 PST 2005


Question here...  Why does 'makedir' from fP need to be suid root?  To my
knowledge, the only time it's used is when you create a new database
directory via ddefine.  Since the heirarchy for $PFDIR should all be owned
by 'filepro' since installation, why is suid filepro not sufficient?  Is it
actually used for anything else at any other time?

Don't ask me why I just thought of this -right now-.  I've no idea.  It
just kinda "popped in there" and I thought it was odd that it would need
higher privs than any other fP module.

Humour someone that likes as few suid root programs on systems he works
on as possible.  Actually, that's most knowledgeable admins--my ISP has
their list down to only ping and traceroute on the public shell server.
But I find this question especially important in light of the exploit that
existed in makedir until a few years back.  Who knows what else is lurking
in there?  Even if it's pristine now, one still wants as few suid root
binaries as possible.

So, could someone please give me a good reason it needs to be the way it
currently is, and absolutely can't be dropped back to suid filepro?

mark->
-- 
Fairlight->   ||| "Strung out in Heaven's high,      | Fairlight Consulting
  __/\__      ||| hitting an all time low..." --     |
 <__<>__>     ||| Bowie                              | http://www.fairlite.com
    \/        |||                                    | info at fairlite.com


More information about the Filepro-list mailing list