1 |
On Wed, 28 Jul 2004 14:47:44 -0400 |
2 |
Mike Frysinger <vapier@g.o> wrote: |
3 |
|
4 |
> On Wednesday 28 July 2004 02:33 pm, Klaus Wagner wrote: |
5 |
> > > # /emerge/.profile |
6 |
> > > if [ "`echo " $(who) "|grep "^\ $(whoami)\ "`" != "" ]; then |
7 |
> > > echo "Only login via 'su' permitted." >&2 |
8 |
> > > exit 1 |
9 |
> > > fi |
10 |
> > keep in mind that if emerge user has write access to it's homedir |
11 |
> > (which is quite normal and needed by much applikations) the emerge |
12 |
> > user could easily change (replace) it's own .profile even if it has no |
13 |
> > write permissions to it. |
14 |
> |
15 |
> yep, and you could, in theory, CTRL+C the check couldnt you ? |
16 |
|
17 |
As long as you're quick enough... ;-) |
18 |
|
19 |
> probably only happen on a very heavily loaded box ... but that's not something |
20 |
> i'd bet security on ;) |
21 |
|
22 |
Such a havily 'loaded box' (means: server) won't be administrated by that admin. Only desktop-boxes. |
23 |
|
24 |
> -mike |
25 |
> |
26 |
> -- |
27 |
> gentoo-security@g.o mailing list |
28 |
> |
29 |
|
30 |
-- |
31 |
gentoo-security@g.o mailing list |