bug-sh-utils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nohup.out and Symlinks


From: Bob Proulx
Subject: Re: nohup.out and Symlinks
Date: Sun, 10 Jun 2001 21:32:46 -0600

> When nohup runs a program whose output is a terminal, it redirects
> stdout and stderr to a file named nohup.out in the current
> directory.

So far so good.

> What would stop someone from creating a symlink called nohup.out
> that points to /etc/passwd or some other important file, and then
> waiting for root to run nohup?

Absolutely nothing at all would prevent that.  Using superuser access
comes with a responsibility.  Of course we should strive to avoid
using root except when we need it.  And when it is used the user must
be careful.

Note that nohup *appends* to nohup.out and does not change permissions
if it exists.  Therefore you could only get the output of a root run
command to appear appended to a file.  I believe you were expected it
to truncate the /etc/passwd file and that won't happen.

> Hopefully I'm missing something, but if I'm not, I think this
> qualifies as a bug.

I believe it was Andrew Koenig who once proposed the following thought
problem (originally about C programming, but it applies here too)
which I will paraphrase from memory.  Have you ever cut yourself on a
kitchen knife?  [Of course we all have at one time or another.]  Could
you design a new kitchen knife that you could not cut yourself with?
Would you use such a knife yourself?

I do not believe there is a bug here.

Bob




reply via email to

[Prev in Thread] Current Thread [Next in Thread]