* Thanasis Kinias ([EMAIL PROTECTED]) [031201 11:03]:
> BTW, if someone has compromised your system to the extent of being able
> to put a trojaned passwd in /usr/local/bin, he can put it in /usr/bin,
> too.

Not necessarily.  In order to put something in /usr/local/[s]bin, I just
need to get an account with group staff.  Depending on who's in that
group (and how many are in that group), this may be significantly easier
than getting root.

[EMAIL PROTECTED]:~$ ls -l /usr/local
total 32
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 bin
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 games
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 include
drwxrwsr-x    8 root     staff        4096 2003-11-26 14:51 lib
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 man
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 sbin
drwxrwsr-x    3 root     staff        4096 2003-11-11 18:10 share
drwxrwsr-x    2 root     staff        4096 2003-11-11 02:42 src

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
Microsoft has argued that open source is bad for business, but you
have to ask, "Whose business? Theirs, or yours?"        --Tim O'Reilly
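
A way to audit for the condition described in the message above, as an added example that is not part of the original post: it lists search-path directories writable by their group or by others, and the commands in them that take precedence over a same-named command later in the path. The function names `writable_path_dirs` and `shadowing_commands` are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original message.

# Print every directory in a PATH-style string ($1) that is writable by its
# group or by others, i.e. where a non-root account can install a binary.
writable_path_dirs() (
    IFS=:
    set -f                          # split on ':' only, no glob expansion
    for dir in $1; do
        [ -d "$dir" ] || continue   # skips empty and missing entries
        find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print
    done
)

# For each such directory, report executables in it that take precedence
# over a same-named executable in a directory later in the search path.
shadowing_commands() (
    padded=":$1:"
    writable_path_dirs "$1" | while IFS= read -r wdir; do
        rest=${padded#*":$wdir:"}   # entries searched after wdir
        for f in "$wdir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            (
                IFS=:
                set -f
                for later in $rest; do
                    if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                        printf '%s shadows %s\n' "$f" "$later/$name"
                        break
                    fi
                done
            )
        done
    done
)

# Audit the search path of the current shell.
shadowing_commands "$PATH"
```

Any line it prints is a command that a member of the directory's group could have placed ahead of the system copy without being root.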
