[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#3189: nvi over-cautious about .exrc?

Bill Mitchell
> On Tue, 4 Jun 1996, Ian Jackson wrote:
> >It is not the business of programs to check the permissions of the
> >dotfiles in users' home directories.
> I agree.  I chased my tail for quite a while some time back because of
> what I recall as procmail's concern over the permissions on my .forward
> file.  It didn't complain, it just didn't work as I expected from reading
> the docs.

But for a large system with many users (of varying levels of clue) it
is very beneficial for the SysAdmin that a user can't accidentally create
a writeable .forward file.  With a large enough system, a hacker could
just look for a writeable .forward and, statistically, be fairly sure to
find one.

I think /some/ apps need to check permissions to prevent inevitable security 
holes from popping up.  Ideally, those permission requirements should be

1. minimal - i.e. "no write access for group/other on .forward"


2. well documented

This may not be important for nvi, though I think it is, but it is clear
to me that it *is* the business of some programs to check permissions.
Not all Debian users will be as smart as Debian installers/admins.


Reply to: