Re: Kernel parameters protecting fifos and regular files

To: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Kernel parameters protecting fifos and regular files
From: Richard Laager <rlaager@wiktel.com>
Date: Tue, 28 Jan 2020 23:38:36 -0600
Message-id: <[🔎] 419d26e9-68e6-e9c2-dc7b-3e3ae3c48206@wiktel.com>
In-reply-to: <[🔎] CALy8Cw4QkBa69FY_Vaxh0YcdBz=_HReenDM+xF_=Y5n6Q6OYLA@mail.gmail.com>
References: <[🔎] CALy8Cw4QkBa69FY_Vaxh0YcdBz=_HReenDM+xF_=Y5n6Q6OYLA@mail.gmail.com>

On 1/28/20 9:23 PM, Craig Small wrote:
> My personal preference is to lock them down by default, by setting both
> to mode 2.
FWIW: I agree. Unless massive breakage is expected, the default should
be the most secure option. If you default to secure and that breaks
something, people will be motivated to fix it (either the root issue or
by changing the setting). If you default to compatible, very few people
will find the option and tweak it, so most people will lose out on the
security. If there is massive breakage, you can back it off, of course.

-- 
Richard

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Adding security features (was: Kernel parameters protecting fifos and regular files)
  - From: Marvin Renich <mrvn@renich.org>

References:
- Kernel parameters protecting fifos and regular files
  - From: Craig Small <csmall@debian.org>

Prev by Date: Bug#950125: ITP: go-mmproxy -- Golang implementation of mmproxy
Next by Date: Adding security features (was: Kernel parameters protecting fifos and regular files)
Previous by thread: Kernel parameters protecting fifos and regular files
Next by thread: Adding security features (was: Kernel parameters protecting fifos and regular files)
Index(es):
- Date
- Thread