[PATCH] iptables, ipnatctl -> /sbin

Greg Lee tatsu@icomm1.com
Sat, 6 Nov 1999 09:37:32 -0800 (PST)


On Sat, 6 Nov 1999, Daniel Stone wrote:

-Guys,
-	There was a fix (included in .10 if I recall correctly) that fixed
-a bug that allowed non-root users to modify the packet filter tables. But,
-there's another problem vaguely like this - but this time in the
-Makefiles. iptables and ipnatctl, which, for security reasons, should only
-be accessible by root, are in /usr/local/bin - a world-readable executable
-dir ?!? I've included a patch that adds a new var - SBINDIR (which is
-/usr/sbin), and patches the NAT/userspace Makefile and the
-packet-filter/userspace Makefile to send iptables and ipnatctl to SBINDIR,
-where they belong. (Note: I used /usr/sbin because I've never, ever seen
-anything go to /usr/local/sbin).
-
-Suggestions, constructive criticism welcome
-=) d

I really like the idea because root by default on Mandrake (and I
think RedHat) has root's path set to include /usr/sbin but not
/usr/local/bin. That made it slightly harder to get working the first time
because I expected it to install somewhere root would likely see it.

Just my $0.02

Gregory Lee
////////////////////////////////////////////////
   E-mail  : tatsu@tatsu.dynip.com              
   Web Page: http://tatsu.dynip.com/            
////////////////////////////////////////////////