[plug] Possible (???) security hole in Debian 2.0

John Summerfield summer at os2.ami.com.au
Sun Sep 6 08:39:12 WST 1998


On Fri, 4 Sep 1998, David Campbell wrote:

> I don't know if this is a problem that has been reported or not but....
> 
> I just found that all the scripts in /etc/init.d/ had rwxr-xr-x permisions. This 
> means that anyone logged in could start/stop daemons on the machine. I 
> personally do not find this a good idea.
> 
> Could other people running Debian 2.0 please check their /etc/init.d/ 
> directory and let me know if it is a problem with only my machine or it affects 
> others.

Settle down. Few if any can function unless run as root.

There's nothing preventing an arbitrary user from running individual
commands contained in those scripts, but unless they're run as root they
can't open TCP|UDP ports below 1024 to listen to them.


Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.



More information about the plug mailing list