Re: libpam-mysql, libnss-mysql config files rights

To: Emmanuel Lacour <elacour@easter-eggs.com>
Cc: debian-security@lists.debian.org
Subject: Re: libpam-mysql, libnss-mysql config files rights
From: Guillaume Morin <guillaume@morinfr.org>
Date: Sun, 20 Jan 2002 16:08:29 +0100
Message-id: <[🔎] 20020120150829.GA1144@morinfr.org>
Mail-followup-to: Emmanuel Lacour <elacour@easter-eggs.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20020120143813.GA4872@easter-eggs.com>
References: <[🔎] 20020120143813.GA4872@easter-eggs.com>

Dans un message du 20 Jan à 15:38, Emmanuel Lacour écrivait :
> Same idea can be applied to /etc/nss-mysql.conf and
> /etc/nss-mysql-root.conf (as explained in the README of the package!)

/etc/nss-mysql-root.conf should be 0600 and owned by root or nss-mysql
will refuse to work. There is no real security bug here.

Concerning nss-mysql.conf, it should be readable by anybody because
everybody should be able to /etc/passwd. However, a side effect of using
nscd allows you to restrict the rights of nss-mysql.conf to the user
under which nscd runs. But if nscd crashes, nss-mysql will stop to work.

HTH.

-- 
Guillaume Morin <guillaume@morinfr.org>

                 People get the operating system they deserve.

Reply to:

References:
- libpam-mysql, libnss-mysql config files rights
  - From: Emmanuel Lacour <elacour@easter-eggs.com>

Prev by Date: libpam-mysql, libnss-mysql config files rights
Next by Date: Re: Mailserver HDD organization
Previous by thread: libpam-mysql, libnss-mysql config files rights
Next by thread: FTP Bounce scan
Index(es):
- Date
- Thread