Re: user access to network - summary
On Wed, May 13, 1998 at 09:08:14PM +0300, Tuvik Beker wrote:
> Needless to say, there are better methods, as suggested by some of you,
> but this one is very easy to create and modify, and seems rather safe.
> Please correct me if I'm wrong in this last point.
If everyone on the machine is trusted.
With this solution, any account owner can probably PREVENT the change
from occurring by deleting the file.
Also, if you decide to go this way, at least have the script check
ownership of the semaphore and do some sanity checks (probably logging
too?).
ALSO also <g>, make sure root or anyone privileged NEVER uses these
semaphores, as they open up a symlink following condition (predictable
filename in /tmp, hmmm). At the very least have a wrapper for
semaphore creation (even though this just introduces a race condition).
Again, you might like some logging on the client side too.
PS: I won't be on the list for the next five days. Have fun, pizza or no.
--
believing is seeing
gaal@forum2.org
http://www.forum2.org/gaal/
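
The ownership and sanity checks suggested in the message above, sketched as an added example that is not part of the original post or thread. The file name `net-up`, the `allowed_uids` parameter and both function names are hypothetical, and the `symlink` result assumes Linux, which returns ELOOP when O_NOFOLLOW meets a symlink.

```python
import errno
import logging
import os
import stat
import tempfile

log = logging.getLogger("semaphore")

def create_semaphore(path):
    """Create the flag file atomically; fails if anything already has that name."""
    # O_EXCL makes "does it exist?" and "create it" a single step, and it
    # refuses to create through a symlink planted at the path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)

def check_semaphore(path, allowed_uids):
    """Return (ok, reason). Checks the opened object, never a symlink target."""
    try:
        # O_NOFOLLOW rejects a symlink as the last path component;
        # O_NONBLOCK keeps a planted FIFO from hanging the script.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as e:
        reason = {errno.ELOOP: "symlink", errno.ENOENT: "absent"}.get(e.errno, "unreadable")
        if reason != "absent":
            log.warning("semaphore %s rejected: %s", path, reason)
        return False, reason
    try:
        st = os.fstat(fd)  # stat the descriptor, so check and use cannot diverge
    finally:
        os.close(fd)
    if not stat.S_ISREG(st.st_mode):
        reason = "not-regular"
    elif st.st_uid not in allowed_uids:
        reason = "wrong-owner"
    elif st.st_nlink != 1:
        reason = "hard-linked"
    else:
        log.info("semaphore %s accepted, owner uid %d", path, st.st_uid)
        return True, "ok"
    log.warning("semaphore %s rejected: %s (uid %d)", path, reason, st.st_uid)
    return False, reason

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    demo = tempfile.mkdtemp()  # constructed sandbox standing in for the shared directory
    flag = os.path.join(demo, "net-up")
    create_semaphore(flag)
    os.symlink(flag, os.path.join(demo, "planted"))
    print(check_semaphore(flag, {os.getuid()}))
    print(check_semaphore(os.path.join(demo, "planted"), {os.getuid()}))
```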