Someone claiming to be "Paul Szabo" has been recommending that we disable
/sbin/it and /sbin/init.d/rmtmpfiles on our Tru64 systems. Apparently that
person expects us to do it on faith. The words "social engineering" come
to mind.
I have looked at /sbin/it (and /sbin/init.d/rmtmpfiles) and concluded that
whatever problems there may be are most likely related to unwarranted
assumptions about the contents of the /tmp directory. That being the case,
let me suggest an alternative workaround for /sbin/it:
1) Create a directory /root_tmp, owned by root.root, mode 0700.
2) Edit /sbin/it so that TMP_PATH=/root_tmp instead of the current
TMP_PATH=/tmp .
As for rmtmpfiles, replacing /tmp/pty_list with /root_tmp/pty_list
should also work around the problem. Alternatively, one could play with
find and xargs and remove the need for the temporary file entirely.
(Hopefully the permanent fix from Compaq will do this.)
Something like
find /dev -type c -name 'tty[a-ce-zA-Z][0-9a-f]' \
-exec /bin/chown root:system {} \; \
-exec /bin/chmod 666 {} \;
and similarly for /dev/pts . It's a shame that find can't select on the
device major number, but that's life. (Perl's File::Find module can do
it, of course.)
Received on Fri Dec 15 2000 - 11:36:56 NZDT