Re: help! can't faxalter or faxrm! permission denied!

To: kyle.silfer@alibi.com (kyle.silfer)
Subject: Re: flexfax: help! can't faxalter or faxrm! permission denied!
From: David Woolley <david@djwhome.demon.co.uk>
Cc: andrew.croke@awamarine.com.au, flexfax@sgi.com
Reply-To: flexfax@sgi.com
Date: Thu, 24 Jun 1999 09:00:13 +0100 (BST)

> 
> > I have found that the process is actually owned by bin. I have been
> > working around it by 

If you have a process, as against a program, owned by bin, you have
a security problem.  faxalter itself is not setuser, so should run
as whoever starts it.

Generally things are owned by bin if they should not be writeable,
and in some cases readable, to anyone except root; it allows a careful
sysadmin to manage them without running as root all the time.  They can
be a risk in NFS systems, as bin doesn't have the special protection
given to root.

Any process running as bin has the ability, if subverted, to access
all the non-privileged programs in the system, including many that
may subsequently be run as root.

Either the startup script is being run unsafely, or something that
is supposed to be set-user root has been made set-user bin, or 
set-user has been inappropriately set on something that doesn't need it.

Follow-Ups:
- Re: help! can't faxalter or faxrm! permission denied!
  - From: Andrew CROKE <andrew.croke@awamarine.com.au>

References:
- RE: help! can't faxalter or faxrm! permission denied!
  - From: "kyle.silfer" <kyle.silfer@alibi.com>

Prev by Date: Re: Message clarification
Next by Date: Deployment of Hylafax NT client
Prev by thread: RE: help! can't faxalter or faxrm! permission denied!
Next by thread: Re: help! can't faxalter or faxrm! permission denied!
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services