
Re: correct perms for logcheck config files?



Matt Zimmerman wrote:
> I think it is not helpful to restrict read permission on these files.
> Modulo local modifications, anyone can get a copy from the Debian archive,
> so their contents are not secret.  The same justification applies as for not
> restricting permissions on setuid executables, as documented in the policy
> manual.

But this is different from suid executables or game data files because
these are conffiles that the admin is encouraged to edit when needed.

The scenario I thought up is as follows: The admin wants to make a local
modification to one or more files. Say he is adding some rules to
ignore, so this has some security implications if an attacker can work
out what change he made. An attacker might try to look at the files, and
see if a message will be ignored. So he could make them 600. A very
determined attacker could cross-reference the installed version of a
package with a database of file sizes and figure out if a file has had
rules added to it, but this is not likely to be too useful. If he was
very paranoid though, he could make the whole directory 700 and avoid
this.

The tradeoff with making the directory 700 by default is that it makes
life harder for the admin when he's not root. Pretty minor but so is the
advantage to 700 of the time. For mode 600 files the disadvantage is
that the admin can more easily leak evidence by default (backup files,
bad umask, bad editor, whatever), and that it's still not 100%
approachable as a regular user.

Which of the three is a good default I don't know. Maybe it doesn't
matter beyond that we need _a_ default so the admin has a consistent
starting place from which to determine his own policy.

> I think the files should be 644, directories 755 (currently the directories
> are unreadable as well, which is quite inconvenient).

IIRC the directories are only unreadable on older installs, or perhaps
on installs that had a certain package installed first. It's fairly
random.

-- 
see shy jo
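
An added example, not part of the original message: a small audit that checks a config directory against each of the three defaults weighed in the thread (644/755, files 600, directory 700) and reports any entry granting more access than the chosen policy, such as an editor backup written under a loose umask. The policy names, the `ignore.d` directory and the file names are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# The three defaults weighed above, as (directory mode, file mode).
POLICIES = {
    "open": (0o755, 0o644),
    "files-600": (0o755, 0o600),
    "dir-700": (0o700, 0o600),
}

def audit(confdir, policy):
    """Return sorted (relative path, extra permission bits) for every entry
    that grants more access than the chosen policy allows."""
    dir_mode, file_mode = POLICIES[policy]
    findings = []
    for root, dirs, files in os.walk(confdir):
        for name, is_dir in [(".", True)] + [(f, False) for f in files]:
            path = os.path.normpath(os.path.join(root, name))
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is meaningless
            allowed = dir_mode if is_dir else file_mode
            extra = stat.S_IMODE(st.st_mode) & ~allowed
            if extra:
                findings.append((os.path.relpath(path, confdir), extra))
    return sorted(findings)

def build_sample(base):
    """Constructed tree: one edited rules file plus an editor backup
    written under umask 022 (directory and file names are made up)."""
    confdir = os.path.join(base, "ignore.d")
    os.mkdir(confdir)
    for name, mode in [("local-rules", 0o600), ("local-rules~", 0o644)]:
        path = os.path.join(confdir, name)
        with open(path, "w") as fh:
            fh.write("constructed sample rule\n")
        os.chmod(path, mode)
    os.chmod(confdir, 0o755)
    return confdir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        confdir = build_sample(base)
        for policy in POLICIES:
            for rel, extra in audit(confdir, policy):
                print(f"{policy}: {rel} grants extra {extra:03o}")
```

On the constructed tree the 644 backup file is flagged under both restrictive policies, and the 755 directory only under the 700 policy.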
