Subject: Re: bin/271: /etc/motd is world writable
To: Chris G. Demetriou <cgd@postgres.berkeley.edu>
From: Brett Lymn <blymn@awadi.com.AU>
List: netbsd-bugs
Date: 06/03/1994 14:00:26

According to Chris G. Demetriou:
>
>> After updating the system name/version in /etc/motd, rc.local
>> proceeds to make it world writable.
>
>that's a feature, not a bug. It was shipped that way from UCB, and
>it seems rational to me.
>
>There's a reason it's in rc.local.
>
Ummm what is the reason? I know that Sun ship their system the same
way - I changed rc.local to make the motd mode 644. Yeah sure, I know
the reasons about putting informative messages into the motd *BUT* it
does open you up to idiots putting "the sysadmin sux" type messages in
motd or, worse, the basis for a denial of service attack by putting
some escape sequence in there.
Considering the stance on security in the rest of the system then a
world writable motd seems a bit of an anachronism. How about making
it 644 by default and putting a comment in the rc.local telling people
how to change it if they want the file world writable?
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes
and weighs 30 tons, computers in the future may have only 1,000 vacuum
tubes and perhaps weigh 1 1/2 tons."
-- Popular Mechanics, March 1949
------------------------------------------------------------------------------
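
The following is an added example, not part of the original message or of NetBSD's rc.local: a small audit for the two risks the message raises, a motd that is writable by "other" and a motd that contains control bytes such as ESC. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if FILE grants write permission to "other" (mode bit 002).
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]
}

# Prints how many bytes in FILE are not printable ASCII, tab or newline.
# ESC (octal 033) and other control bytes are what escape sequences are built from.
control_bytes() {
    LC_ALL=C tr -d '\011\012\040-\176' < "$1" | wc -c | tr -d ' '
}

# Prints one finding per line, or "ok"; returns 1 if anything was found.
audit_motd() {
    rc=0
    if world_writable "$1"; then
        echo "world-writable: $1 (suggested: chmod 644)"
        rc=1
    fi
    n=$(control_bytes "$1")
    if [ "$n" -gt 0 ]; then
        echo "control-bytes: $n non-printable byte(s) in $1"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok: $1"; fi
    return "$rc"
}

# Constructed sample: a motd left at mode 666 with an ESC byte in its text.
demo=$(mktemp -d)
printf 'NetBSD (constructed sample)\n' > "$demo/motd"
printf 'notice \033[0m\n' >> "$demo/motd"
chmod 666 "$demo/motd"
audit_motd "$demo/motd" || true      # reports both findings
chmod 644 "$demo/motd"               # the default proposed in the message
audit_motd "$demo/motd" || true      # mode is fixed, the ESC byte is still flagged
rm -rf "$demo"
```

Bytes outside ASCII (for example UTF-8 text) are also counted by `control_bytes`, so a non-zero count is a prompt to inspect the file rather than proof of tampering.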