On Fri, 23 Dec 2011 12:10:47 +0000 Alex Scotton alex.scotton@gmail.com allegedly wrote:
Can I ask though, why is it a bad idea to have a script running as root? accordingly, fail2ban runs in this way, and of course many other daemons, so long as it is only executable etc by root, and has no "interface" surely it's secure?
there are a bunch of reasons setuid scripts are bad idea. A good starting explanation is at:
http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
I'd also recommend reading something like Practical Unix Security by Garfinkel and Spafford
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------