On Wed, 6 Sep 2000, R. W. Rodolico wrote:

> mv /etc/init.d/mysql /etc/init.d/mysql.original
> echo #! /bin/bash > /etc/init.d/mysql
> chmod 777 /etc/init.d/mysql

Ouch, I hope you mean 755 or at least 775. Permissions 777 would allow any
user to write to the file. A user could simply watch for the creation of
such a file and modify it before you run the script - this is an easily
exploitable security hole.

-chet

-----
yet he has sorcery


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to