On Wed, Mar 28, 2001 at 09:11:41AM +0000, Christopher Clark wrote:
> On the uk.comp.os.linux newsgroup recently, a gentleman remarked that he
> re-initialised his (type -P input DENY style ) firewall every ten minutes
> from a cron job. When asked why, he said because of ipchains -F; ipchains -X
> In other words flush rules one by one then delete rules one by one. It
> seems my /sbin/ipchains is 755 root root. i.e. anybody on the inside can
> remove my firewall.
> Hopefully I am missing something.

<guessing>
when an executable program has permissions 755 then anyone can
run it -- very true. BUT in order to effect some system-wide
change, you may need certain privileges ON TOP of that.

for example, "psql" is executable by anyone, but unless you have
a valid postgresql id to access a certain database, you can't get
in. same would be true (i'd bet money on it) for changing system
settings like firewall, port forwarding, etc.
</guessing>

try munging your firewall as a normal user and see if it lets you
do so.

% ls -l `which ipchains`
-rwxr-xr-x 1 root root 38416 Apr 24 2000 /sbin/ipchains
% ipchains -L
ipchains: Permission denied

--
It is always hazardous to ask "Why?" in science, but it is often
interesting to do so just the same.
        -- Isaac Asimov, 'The Genetic Code'

[EMAIL PROTECTED]
http://newbieDoc.sourceforge.net/ -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
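
The distinction drawn in the reply above, as an added example that is not part of the original message: the execute bits decide who may start a binary, while the setuid bit and the owner decide whose privileges the process gets. The function names `assess` and `assess_path` are hypothetical, and the setuid-root mode is a constructed sample for contrast with the 755 mode shown in the post.

```python
import os
import stat
import sys


def assess(mode, owner_uid):
    """Classify st_mode and owner: who may run the file, and with whose privileges."""
    runnable_by_all = bool(mode & stat.S_IXOTH)
    setuid = bool(mode & stat.S_ISUID)
    return {
        "perm": stat.filemode(mode),
        "any_user_can_run": runnable_by_all,
        # Without setuid the process keeps the caller's uid, so the kernel's own
        # privilege check (the "Permission denied" in the post) still applies.
        "runs_as_owner": setuid,
        "grants_root_to_any_user": runnable_by_all and setuid and owner_uid == 0,
        # A binary that others can overwrite is a risk whatever its execute bits say.
        "writable_by_non_owner": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def assess_path(path):
    """Same assessment for a file on disk."""
    st = os.stat(path)
    return assess(st.st_mode, st.st_uid)


if __name__ == "__main__":
    # Constructed sample modes: 755 root as in the post, and a setuid-root variant.
    samples = {
        "0755 root (as in the post)": (0o100755, 0),
        "4755 root (constructed)": (0o104755, 0),
    }
    for label, (mode, uid) in samples.items():
        print(label, assess(mode, uid))
    # Optionally assess real files given on the command line.
    for path in sys.argv[1:]:
        print(path, assess_path(path))
```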