Re: rwxr-xr-x /root

[David Schleef <ds@stm.lbl.gov>]

On Mon, Nov 13, 2000 at 08:40:54PM -0700, John Galt wrote:
> 
> How about something akin to the FreeBSD new "securelevel"?  Basically a
> one time setup metric of how secure the sysop wants to be.  0 allows
> rhosts and XDMCP, while high (5? 10?) closes all outside ports by default,
> sets passwords on everything that it's possible to set a password on,
> makes nothing SUID, and sets a paranoid umask like 700.  This will solve
> the "why isn't $favorite_paranoid_security_setting enabled by
> default?" stuff that's been floating around as of late (the umask thread,
> the MBR/lilo thread here and on bugtraq...), or at least puts the onus
> back on the individual sysop--"well it's in securelevel foo: if you're
> THAT paranoid, why aren't you using it?"

(I was about to post a message that said essentially the same thing,
so I'll play devil's advocate... =) )


There are really three security barriers that people might
want to change the preferences of:

  - network to system
  - user to system
  - user to user

Naturally, the default umask issue would fall under category 3.
Suid issues would be 2 (sometimes 1), etc.  A typical workgroup
server would have moderate network security, and low user-to-user
security, to make it easy to share data.  A ISP shell server
would have high user-to-user and user-to-system security, and
(probably) low network security (if it supported telnet.)





dave...