[WBEL-devel] re: 2nd RC coming?

Johnny Hughes mailing-lists@hughesjr.com
Wed, 26 Nov 2003 14:23:45 -0600 

Dave,

Sorry about the reply before.  

You are correct that the items sa1 and sa2 will try to be executed ...
but the file was a zero size text file (created with a touch) meaning
that nothing happens.  Your idea not to do it is still good, because if
someone obtained access to the machine they could change the file...I
stand corrected! (chmod 750 vice 777 would be ok) (It was a late night
and I wanted sysstats and for the e-mails to stop)!

The real fix (if you want to gather sysstats) is to edit the file
/etc/cron.d/sysstats and change the lib64 to to lib.

Thanks,
Johnny Hughes
 
On Wed, 2003-11-26 at 12:19, David E. Cox wrote:
> Below is the /etc/cron.d/sysstat file from whitebox's
> sysstat-4.0.7-4.i386.rpm 
> 
> Isn't this what invokes sa1 and sa2?
> 
> dave
> 
>   # run system activity accounting tool every 10 minutes
>   */10 * * * * root /usr/lib64/sa/sa1 1 1
>   # generate a daily summary of process accounting at 23:53
>   53 23 * * * root /usr/lib64/sa/sa2 -A
> 
> 
> On Wed, 2003-11-26 at 10:50, Johnny Hughes wrote:
> > Not true .... the file that gets run .... /usr/sbin/sa needs a text
file
> > at /usr/lib64/sa/sa1 or sa2 ...
> > 
> > the text files and directory are world writable ... the process is
not.
> > On Wed, 2003-11-26 at 08:21, David E. Cox wrote:
> > > On Tue, 2003-11-25 at 13:28, Johnny Hughes wrote:
> > > > A work around that prevents the root mailbox from filling up is
this
> > > > (as root):
> > > > 
> > > > mkdir /usr/lib64
> > > > mkdir /usr/lib64/sa
> > > > touch /usr/lib64/sa1
> > > > touch /usr/lib64/sa2
> > > > chmod -R 777 /usr/lib64
> > > > 
> > > > Johnny Hughes
> > > 
> > > Yikes! don't do this.
> > > 
> > > You've just created a world writable file that gets run as root
every 10
> > > minutes.  
> > > 
> > > "rpm -e sysstat"  will have the same effect but not introduce a
security
> > > hole.
> > > 
> > > dave
> > > 
> > 
> > _______________________________________________
> > Whitebox-devel mailing list
> > Whitebox-devel@beau.org
> > http://beau.org/mailman/listinfo/whitebox-devel