/etc/shutdown permissions

Barry Shein bzs at encore.com
Fri Nov 25 07:34:43 AEST 1988


From: jr at amanue.UUCP (Jim Rosenberg)
>To be truthful, I can hardly believe in light of all the concern for security
>prompted by the (apparently) Morris Worm that anyone would seriously propose
>leaving 755 permissions on something like /etc/shutdown, for crying out loud!
>The off-the-shelf permissions on the 7300 are probably the worst of any
>commercially released UNIX box ever seen on the face of the earth.  You should
>give your machine a thorough going over.

Jim, with all due respect, this is awful, panic-stricken advice...

If shutdown can be run w/o being root then it should take a 5 line
C-program to effect the same thing if you protect it. You are wholly
dependent on the fact that some syscalls are root-only and if you
can't rely on it you are SOL, no amount of running around shutting off
permissions on files will protect you.

On my unix-pc running shutdown simply gives an error message and
exits.

All this kind of advice is doing is panicking people, making them
waste their time doing things of questionable value and hence avoiding
real issues (or at the very least burying it in a bad signal to noise
ratio, distracting folks from understanding what they really need to
do to get proper security on their system etc.)

I'll turn it on its head, make your /etc/shutdown 755, if executing it
from a non-super-uid account does anything then you've got much deeper
problems that changing the mode on that file won't help at all and
you'd better deal with those problems first.

There are certainly ways to improve security *in general* by changing
files to correct permissions, but let's get the list of correct,
specific suggestions that actually will help before we start hearing
"omigod i did as you said and made foo unexecutable and now i can't
login/boot/compile [whatever]!!" etc and other incredible wastes of
time.

	-Barry Shein, ||Encore||
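
Added example, not part of the original post: a small C audit helper for the distinction argued above. Mode 755 on a non-setuid binary confers nothing, because the program runs with the caller's uid and the kernel checks that uid on privileged syscalls. A setuid-root bit or write access for non-owners does change who holds privilege. The names `classify`, `audit_path` and the `finding` enum are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum finding {
    RUNS_AS_CALLER,      /* exec bit only: kernel still checks caller's uid */
    SETUID_ROOT_EXPOSED, /* non-root callers run it with effective uid 0 */
    WRITABLE_BY_OTHERS   /* non-owner can alter what root later executes */
};

/* Classify a file from its mode bits and owner uid alone. */
enum finding classify(mode_t mode, uid_t owner)
{
    if (mode & (S_IWGRP | S_IWOTH))
        return WRITABLE_BY_OTHERS;
    if ((mode & S_ISUID) && owner == 0 && (mode & (S_IXGRP | S_IXOTH)))
        return SETUID_ROOT_EXPOSED;
    return RUNS_AS_CALLER;   /* e.g. a plain 755 /etc/shutdown */
}

/* stat() a path and classify it; returns -1 if the file cannot be read. */
int audit_path(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)classify(st.st_mode, st.st_uid);
}

int main(int argc, char **argv)
{
    static const char *label[] = {
        "runs as caller (mode is not the control)",
        "setuid root, executable by non-owners: review the program",
        "writable by group/other: fix the mode"
    };
    for (int i = 1; i < argc; i++) {
        int f = audit_path(argv[i]);
        if (f < 0)
            printf("%s: cannot stat\n", argv[i]);
        else
            printf("%s: %s\n", argv[i], label[f]);
    }
    return 0;
}
```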


