Bug 770 - "startinnfeed" binary can be run by any user!!
"startinnfeed" binary can be run by any user!!
Product: Red Hat Linux
Classification: Retired
Component: inn (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 1999-01-09 17:24 EST by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-01-12 12:17:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Evans 1999-01-09 17:24:32 EST
The permisions on /usr/lib/news/startinnfeed are hazardous.
I suspect this binary isn't intended to be world-executable.
By removing world execute permission from this binary only
people in group news can run the "startinnfeed" task.

The problem with current permissions is that _any_ user
can ruin system performance by starting a new news feed
at a time of their choice.
Comment 1 Jay Turner 1999-01-12 12:17:59 EST
Thank you for your suggestion and it has been noted. We will consider
it for any upcoming releases.

Note You need to log in before you can comment on or make changes to this bug.