[PATCH] iptables, ipnatctl -> /sbin

Daniel Stone tamriel@ductape.net
Sat, 6 Nov 1999 17:43:36 +1100



Guys,
	There was a fix (included in .10 if I recall correctly) that fixed
a bug that allowed non-root users to modify the packet filter tables. But,
there's another problem vaguely like this - but this time in the
Makefiles. iptables and ipnatctl, which, for security reasons, should only
be accessible by root, are in /usr/local/bin - a world-readable executable
dir ?!? I've included a patch that adds a new var - SBINDIR (which is
/usr/sbin), and patches the NAT/userspace Makefile and the
packet-filter/userspace Makefile to send iptables and ipnatctl to SBINDIR,
where they belong. (Note: I used /usr/sbin because I've never, ever seen
anything go to /usr/local/sbin).

Suggestions, constructive criticism welcome
=) d

[Attachment: patch-to-sbin]