>corrected. The spellhist file, however, still uses the same permissions as >Solaris 7 did. Granted this issue wont result in a root >compromise it does allow for users to fill up the /var partition without >having root access. The 666 permissions are required for spell to work as designed and removing the world write permissions to the file will break spell: $ spell tee: /var/adm/spellhist: Permission denied See the files/notes section of spell(1). FILES ... H_SPELL=/var/adm/spellhist history file NOTES Misspelled words can be monitored by default by setting the H_SPELL variable in /usr/bin/spell to the name of a file that has permission mode 666. Now given that /usr/bin/spell is a ksh script if you don't want this feature then change the following line to have /dev/null instead of /var/adm/spellhist. Users can then set H_SPELL themselves if they want their own spellhist file. H_SPELL=${H_SPELL:-/var/adm/spellhist} >(Yes, I know /var/tmp exists and would allow for the same thing.) That and a whole list of others including /var/mail /var/preserve /var/spool/uucppublic Running atjobs. -- Darren J Moffat
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:07 PDT