Nicolas Williams wrote: > On Fri, Apr 24, 2009 at 12:36:31PM -0400, Brian Utterback wrote: >> Nicolas Williams wrote:
>>> 87 # Set up debugging. >>> 88 deb=`svcprop -c -p config/debuglevel $SMF_FMRI` >>> 89 debfile=`svcprop -c -p config/debugfile $SMF_FMRI` >>> ... >>> 94 /usr/lib/inet/ntpd $args --set-debug-level=$deb >$debfile & >>> >>> What if $debfile is set to something nasty? Privilege escalation? >>> >>> Nico >> Ouch. Really good point. I can't think of a way to validate this >> adequately. I this one needs to be hard coded to /var/ntp/ntp.debug. > > Hmmm, why do you need that when SMF captures the stdout and stderr of > the service into a per-service log file anyways? > > Nico I tried that. The NTP debug output can be massive. It obscures real error messages in the SVC log file. When you are done debugging, you generally want to delete the debug file, but that would delete the logging info as well. -- blu "Mark my words, nanotechnology is going to be huge!" ---------------------------------------------------------------------- Brian Utterback - Solaris RPE, Sun Microsystems, Inc. Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
