/usr/sbin/validate clash with /usr/bin/validate

Adam Jackson ajax at redhat.com
Wed May 23 18:33:11 UTC 2012


On Wed, 2012-05-23 at 14:22 -0400, Paul Wouters wrote:
> I just got caught in having two different "validate" commands in my
> path.
> 
> The /usr/bin/validate version is from the dnssec-tools package. It has a
> man page and usage info and is a tool to diagnose dnssec lookups.
> 
> The /usr/sbin/validate version is from the mod_auth_shadow package. It
> has no man page, no usage, no -h or --help. It is executed by the apache
> server to read /etc/shadow to do user auth. It is setuid root, and not
> meant to be executed by a user.
> 
> I suggest moving /usr/sbin/validator into /usr/libexec, and probably
> talking to Dan Walsh about using SELinux to further restrict it so it
> cannot be executed by users or CGIs.

We're (sort of) trying to phase out /usr/libexec in favor of
%{_libdir}/%{name}/foo, but otherwise that sounds good.

- ajax
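
The kind of clash discussed in this thread can be found mechanically. The following is an added example, not part of either message or of any Fedora package: a POSIX shell function that lists command names present in more than one directory and marks setuid copies. The names find_clashes and make_sample are hypothetical, and the directory tree is constructed in a temporary location.

```shell
#!/bin/sh
# find_clashes DIR...: print "name: path path..." for every executable name
# found in more than one DIR; a setuid copy is marked with "(setuid)".
find_clashes() (
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            if [ -u "$f" ]; then
                printf '%s\t%s(setuid)\n' "$name" "$f"
            else
                printf '%s\t%s\n' "$name" "$f"
            fi
        done
    done | LC_ALL=C sort | awk -F'\t' '
        { count[$1]++; paths[$1] = paths[$1] " " $2 }
        END { for (k in count) if (count[k] > 1) print k ":" paths[k] }
    ' | LC_ALL=C sort
)

# Constructed sample tree mirroring the layout in the thread; these are
# empty stand-in scripts, not the real binaries.
make_sample() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    for f in usr/bin/validate usr/sbin/validate usr/bin/unique; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod 755 "$root/$f"
    done
    # The sbin copy stands in for the setuid helper.
    chmod 4755 "$root/usr/sbin/validate"
    printf '%s\n' "$root"
)

sample=$(make_sample)
find_clashes "$sample/usr/bin" "$sample/usr/sbin"
rm -rf "$sample"
```

On a real system, pass the directories from PATH as arguments, in the order PATH lists them; the first path printed for a name is then the one the shell resolves.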