From 15d69131fb48bcddfa4f2be62d9798814a3c5748 Mon Sep 17 00:00:00 2001 From: Tom Rhodes Date: Thu, 11 May 2006 22:05:45 +0000 Subject: [PATCH] Fix some simple typos which could cause great havoc. Mainly fix label settings. These would not have caused any large issues, just opened a hole for root to bypass the security. Noticed by: Borja Marcos --- en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index cfb3bf90b0..16cfac41a9 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -1776,7 +1776,7 @@ test: biba/low :passwordtime=91d:\ :umask=022:\ :ignoretime@:\ -:label=biba/10: +:label=biba/10(10-10): And adding the following line to the default user class: @@ -1822,8 +1822,8 @@ mac_seeotheruids_load="YES" Drop the nagios and www users into the insecure class: - &prompt.root; pw usermod nagios -L default - &prompt.root; pw usermod www -L default + &prompt.root; pw usermod nagios -L insecure + &prompt.root; pw usermod www -L insecure @@ -1937,8 +1937,8 @@ default_labels socket ?biba make this happen: &prompt.root; cd /etc/mail && make stop && \ -setpmac biba/equal make start && setpmac biba/10 apachectl start && \ -setpmac biba/10 /usr/local/etc/rc.d/nagios.sh forcestart +setpmac biba/equal make start && setpmac biba/10\(10-10\) apachectl start && \ +setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart Double check to ensure that everything is working properly. If not, check the log files or error messages. Use