|
|
10.5: Use a custom firewall in 10.5 with ipfw (CAREFUL!)
Gibberish.
Let us quote directly from the source:
- in my ~/bin directory the ipfw_firewall.sh looks like this:
#!/bin/sh
#
IPFW=/sbin/ipfw
...
The question was not: "How exactly did he 'give away root'?" (as you put it). The question was: "DID [he] just give away root?" (as I put it). So did he? And did you, if you implemented the hint as originally described (with vague ownership/permissions)? I wouldn't know. That would depend on: all of your daemon script-related ownership and permissions, which the "Sat, Dec 1 '07 10:40PM PST" post here asks to clarify. (And on: what websites he/you may have visited - that's just one possibility.) Since I respect the possibility that you might really be missing something, I will clarify.
NOTE: The issue here is entirely about ownership and permissions related to: ipfw_firewall.sh. It is very bad practice to have a script like this (in a user directory like ~/bin, or some other such vague directory with vague permissions) and have it modifiable possibly by anyone. Why? Because it will run as root (e.g. during boot time, via described launchd plist). If you, or Safari (or whatever) running as user, or anyone can arbitrarily write commands to such a script, then that anything can run as root upon execution of the script. Game over, if you'd like. A daemon script like the one described in this hint, running sysctl and ipfw (or whatever) with root permissions, should itself be modifiable only by root.
REF: tn2083.html
10.5: Use a custom firewall in 10.5 with ipfw (CAREFUL!)
Thanks guys! Having the ipfw_firewall.sh script in ~/bin was too lazy of me.... I tend to keep my scripts in one place to be able to edit them easily... so I've updated the .plist for launchd and the script is now sitting in /usr/local/sbin with root:wheel permissions... |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|