On Thu, 21 Jun 2001, Rusty Ballinger wrote:
> > I'm also unsure about the security issues of having FAM installed. (I
> > worry especially about it's handling of groups.) Does anyone know if Irix
> > has had any security problems with FAM?
>
> The only one I know of was "the big one," where you could get fam to tell
> you the names of all the files on the system, but that was fixed when fam
> was ported to Linux. Some of the weirdness with groups may be related to
> supporting the "insecure compatibility" option for old Irix clients, some
> of it may be related to not having getgrmember on Linux, and some of it
> may be just plain weird. It's certainly possible that there are bugs
> there.
Well. It could be because nobody looked. For one thing, in my debug
sessions, running famd as group root makes it possible to see all files
with group==root. I don't know if this is a problem in real usage, as then
inetd launches famd, and probably uses some other group.
/ Alex
--
Source code, list archive, and docs: http://oss.sgi.com/projects/fam/
To unsubscribe: echo unsubscribe fam | mail majordomo@xxxxxxxxxxx
|