On Sun, Feb 15, 2004 at 12:20:26PM -0700, Monique Y. Herman wrote: > On 2004-02-15, Joey Hess penned: > > That would be a violation of debian policy, and is not the case on any > > of my systems. > > > > -rwxr-xr-x 1 root root 33K Oct 9 2002 > > /usr/sbin/logrotate* > > Well, Bastille locked those permissions down for me.
Oh, God, why on earth? > The question is, was Bastille being overly paranoid, or can logrotate > be exploited when it's world-executable? No executable that isn't set-user-id or set-group-id can ever let you do anything you couldn't do yourself anyway. This is why Debian policy says that non-set-id executables shouldn't have restrictive permissions. I'd file a bug with the Bastille people. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
