Bug 770 - "startinnfeed" binary can be run by any user!!
Summary: "startinnfeed" binary can be run by any user!!
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: inn (Show other bugs)
(Show other bugs)
Version: 5.2
Hardware: i386 Linux
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 1999-01-09 22:24 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-01-12 17:17:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Evans 1999-01-09 22:24:32 UTC
The permisions on /usr/lib/news/startinnfeed are hazardous.
I suspect this binary isn't intended to be world-executable.
By removing world execute permission from this binary only
people in group news can run the "startinnfeed" task.

The problem with current permissions is that _any_ user
can ruin system performance by starting a new news feed
at a time of their choice.

Comment 1 Jay Turner 1999-01-12 17:17:59 UTC
Thank you for your suggestion and it has been noted. We will consider
it for any upcoming releases.

Note You need to log in before you can comment on or make changes to this bug.