[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions Required On hosts.allow ?

On Fri, Aug 30, 2002 at 01:47:52AM -0700, Jamie Heilman wrote:
> All that aside, if you run a fairly modest server without too many
> oddball requirements, you can probably make the supplementary groups
> hack work with relatively low pain.  You've bought yourself a bit more
> maintenance overhead, and you haven't altered your fundamental
> vulnerability to compromise at all (by which I mean if the services
> you run and the configurations you run them with actually have
> exploitable bugs in them or not), but hey, at least your users won't be
> able to read those files.  And thats, um, something.

He can probably reduce the pain somewhat by using cfengine to
rewrite protections and ownerships. That way if he updates the
next cfengine run will set everything to spec. Otherwise his
life will be an eternal priv violation chase.

    Nuke bin Laden:           Dale Amon, CEO/MD
  improve the global          Islandone Society
     gene pool.               www.islandone.org

Reply to: