Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 100856

Summary: /sbin seems to be accessible to users by default
Product: Gentoo Security Reporter: Sacha Moufarrege <nanamin>
Component: Default ConfigsAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Sacha Moufarrege 2005-07-30 18:17:22 UTC
I'm using an up to date gentoo system, and it seems that my /sbin is chmodded in
such a way by default as to allow useres to run programs by entering the
absolute path. For example, my ifconfig can be accessed by users typing in
/sbin/ifconfig.
Hopefully Gentoo's /sbin security isn't relying on a lack of path. . .
I think that by default the permissions should be set in a more secure manner.


Reproducible: Always
Steps to Reproduce:
1. Type /sbin/ifconfig at the prompt
2. Play around with programs in the sbin to cause changes that shouldn't be
caused as a normal user. . .


Actual Results:  
ifconfig and whatever else are accessible

Expected Results:  
Permission denied.
Comment 1 SpanKY gentoo-dev 2005-07-30 18:21:43 UTC
the behavior you're seeing is correct