Path: utzoo!utgpu!watmath!uunet!ukma!rayssd!srhqla!magnus!mml
From: mml@magnus.UUCP (Mike Levin)
Newsgroups: unix-pc.general
Subject: Re: /etc/shutdown permissions
Message-ID: <336@magnus.UUCP>
Date: 20 Nov 88 09:32:27 GMT
References: <234@safari.UUCP>
Reply-To: mml@magnus.UUCP (Mike Levin)
Distribution: unix-pc
Organization: Silent Radio, Los Angeles
Lines: 24

In article <234@safari.UUCP> dave@safari.UUCP (dave munroe) writes:
>In release 3.5 at least, /etc/shutdown has permissions -rwxr-xr-x, which is
>obviously a bad idea.
>						-dave

It's also that way in release 3.51, *BUT* if you are NOT root, it gives the
appearance of proceeding to do it's thing, and then it fails.  For example,
it warns of killing active phone conversations, etc., but then when it tries
to do it's thing, it fails for "unable to send signal to init".  So, it is
probably safe.  IN ANY CASE, it is ONLY a shell script, and as such it is
something that (from a security standpoint) somebody could simply create
with an editor themselves.  It *CAN'T* be setuid'd, it can't be removed or
altered by anybody but the owner, and so I don't think that any security is
actually compromised by the way it's done.  Of course, maybe I'm missing
something.  :-)


					Mike Levin

-- 
+---+  P L E A S E    R E S P O N D   T O: +---+  *  *  *  *  *  *  *  *  *  *
| Michael M. Levin, Silent Radio, Los Angeles  | I never thought I'd be LOOKING
|{aeras|csun|mtune|pacbell|srhqla}!magnus!levin|   for something to say! ! !
+----------------------------------------------+------------------------------+