Re: [VANILLA-LIST:2475] Help with Linux shell init scripts

[Tom Holub <doosh@best.com>]

On Tue, Jul 13, 1999 at 10:32:57AM -0400, Alec Habig wrote:
> Bob Tanner writes:
> > 
> > If you look at the Vanilla.spec, you will see I have
> > /etc/rc.d/init.d/netrek, which will use chkconfig --add on post
> > install and a chkconfig --del on post uninstall. So, the run level
> > stuff is done. I plan to test it tonight.
> 
> So you want the default way people run a server to be as root on boot?
> 
> **shudder**
> 
> Not that I can think of any specific security holes (if I'd thought of
> one, I'd be sending a patch), but it's just Not A Good Idea to run stuff
> as root which doesn't have a very good reason for being so.

Since there was likely no thought given to security in netrek's design,
there are almost certainly dozens of potential buffer overruns; winsmack
being an example (and one which probably still isn't fixed properly in
COW).
 -Tom