[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?

On Mon, 25 Feb 2002 tluxt2@yahoo.com wrote:

> > > So, by default, non root users shouldn't be given access to such
> > > things. So, by default, those bits should be off.
> > 
> > umask can do this. Any sysadmin running a multiuser system who doesn't
> > know how to use umask has far worse problems than leaving files open to
> > read.
> I think your comment is probably very true for a professional sysadmin.
> So, let's consider a possible typical case: Someone with enough knowledge to
> set up a Microsoft Windows computer to be used at his home by his family.  Now,
> such person is, on average, not a professional sysadmin.  His education and
> skills may have nothing to do with computers.  But, ultimately, for FreeSW &
> Debian to fulfill their potentials, such a person ought to be able to set up a
> Debian system for his family to use.
> Now, he probably won't know about umask.  My point is: probably he shouldn't
> need to (for the case of getting a Debian system to be a home multiuser
> system).  Perhaps there are a lot of things that a professional sysadmin would
> know that the general home sysadmin might not need to know (but could certainly
> learn if he had the desire).

But does it matter if the rest of the family can see root's config?  I can't
imagine them wanting or needing to.  If they do, well whoop-de-do - since
they've got physical access to the box, if they can do something with random
pieces of data, then they have the skill to do a lot more with physical

> As for this upcomming release, Woody, I think it might be good to try to
> have the security related default settings be appropriate for someone who
> is an average computer technician or hobbyist computer user.  He is not a
> professional sysadmin, and does not have complete sysadmin knowledge, but
> has more computer knowledge than the average head of household.

Security by obscurity is not security.  Security of network services, yes,
that is good.  Security by not allowing someone to read a config file who
will, quite likely, have physical access to the box is not good.  And it
breaks a variety of other things which the newbie sysadmin is likely to try
- as other posters have said.

I honestly think you need to ponder security issues more before making
suggestions - you sound too much like someone who thinks that NDAs and
closed source code make for a competitive and security advantage.  "If they
can't read it, they can't work out what's going on" - which, as has been
proved time and again, is complete bullschnauser.

#include <disclaimer.h>
Matthew Palmer

Reply to: