
Re: AW: AW: FHS pre-2.1 draft #1 on web site



SEJKORA Martin wrote:
> 
> >SEJKORA Martin wrote:
> >>
> >> The recommendation in chapter "3.10 /sbin" at page 14 is IMO
> >> counterproductive to the required file "init", because _ANY_ user may
> >> shut down the system :-<<<. So it is a "security" hole, and this
> >> recommendation should be erased.
> >> It is IMO better to [sym]link commands in /sbin to /usr/bin when they
> >> _really_ should be accessible to everybody.
> [cut]
> 
> >That doesn't mean any user can shut down the system!  If so, the
> >permissions on /sbin/init are wrong, and that is completely independent
> >of its location.
> 
> Not really: when init is located in /sbin with ownership / permissions set
> to root:root / 0770 then only root may use init, regardless of init's
> permissions.
> In other locations than /sbin or with the permissions of /sbin set to allow
> users read+execute then the permissions of init are to be considered.
> 

That is not the point, though.  The point is that since /sbin is
normally mode 0755, /sbin/init shouldn't rely on directory permissions. 
init, being an inherently root-only program, should not be executable by
non-root users, and/or the program itself should verify appropriate
permissions.

	-hpa
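
The distinction argued in this thread, as an added example that is not part of the original message: whether a non-root user is kept away from a binary by the file's own mode or only by the mode of the directory holding it, plus the in-program check. The function names, the root:root ownership of both objects, and the uid/gid 1000 test user are assumptions of the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum exposure { BLOCKED_BY_FILE, BLOCKED_BY_DIR_ONLY, EXECUTABLE };

/* rwx bits that apply to uid:gid on an object assumed owned by root:root.
 * Simplification: supplementary groups and ACLs are ignored. */
static unsigned class_bits(mode_t mode, uid_t uid, gid_t gid)
{
    if (uid == 0) return (mode >> 6) & 7;
    if (gid == 0) return (mode >> 3) & 7;
    return mode & 7;
}

/* What stops a non-root caller from executing a file in a directory? */
static enum exposure classify(mode_t dir_mode, mode_t file_mode,
                              uid_t uid, gid_t gid)
{
    bool dir_search = class_bits(dir_mode, uid, gid) & 1;  /* x on dir  */
    bool file_exec  = class_bits(file_mode, uid, gid) & 1; /* x on file */
    if (!file_exec)
        return BLOCKED_BY_FILE;      /* holds wherever the file lives */
    return dir_search ? EXECUTABLE : BLOCKED_BY_DIR_ONLY;
}

/* The in-program check: a root-only tool refuses any other caller. */
static bool caller_is_root(uid_t euid) { return euid == 0; }

int main(void)
{
    static const char *label[] = { "blocked by file mode",
        "blocked only by directory mode", "executable by this user" };
    struct stat d, f;
    /* Paths from the thread; uid/gid 1000 is a constructed sample user. */
    if (stat("/sbin", &d) == 0 && stat("/sbin/init", &f) == 0)
        printf("/sbin/init for uid 1000: %s\n",
               label[classify(d.st_mode, f.st_mode, 1000, 1000)]);
    if (!caller_is_root(geteuid())) {
        fprintf(stderr, "must be root\n");
        return 1;
    }
    return 0;
}
```

A result of "blocked only by directory mode" is the fragile case: the protection disappears as soon as the directory is set to the usual 0755 or the file is reachable from another location.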

