>corrected. The spellhist file, however, still uses the same permissions as
>Solaris 7 did. Granted this issue wont result in a root
>compromise it does allow for users to fill up the /var partition without
>having root access.
The 666 permissions are required for spell to work as designed and
removing the world write permissions to the file will break spell:
$ spell
tee: /var/adm/spellhist: Permission denied
See the files/notes section of spell(1).
FILES
...
H_SPELL=/var/adm/spellhist
history file
NOTES
Misspelled words can be monitored by default by setting the
H_SPELL variable in /usr/bin/spell to the name of a file
that has permission mode 666.
Now given that /usr/bin/spell is a ksh script if you don't want this
feature then change the following line to have /dev/null instead of
/var/adm/spellhist. Users can then set H_SPELL themselves if they
want their own spellhist file.
H_SPELL=${H_SPELL:-/var/adm/spellhist}
>(Yes, I know /var/tmp exists and would allow for the same thing.)
That and a whole list of others including
/var/mail
/var/preserve
/var/spool/uucppublic
Running atjobs.
--
Darren J Moffat
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:07 PDT