[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions Required On hosts.allow ?

On Thu, Aug 29, 2002 at 02:51:14AM +0100, Nick Boyce wrote:
> I decided to start locking down permissions on "sensitive" files on a
> recently installed Woody box, and discovered that when I changed the
> permissions on "hosts.allow" (and "hosts.deny") to 640 then I could no
> longer Telnet into the box from the permitted IP address (never mind
> denied addresses).  /var/log/daemon.log had messages in it to the
> effect that tcpd couldn't read hosts.allow, so was denying the
> connection.

Maybe this is a lame question in response, but why would users being able
to see hosts.allow and hosts.deny constitute a security hole?  As long
as the files are not world writable, then you shouldn't have a problem.
(Maybe there's a small problem with keeping the workstations that can
access this machine secure, but you do have intrusion detection software,
chkrootkit, and backups, right?)

Edward Guldemond

Key fingerprint:  29FF 2969 A04E F934 3F03  
                  4329 BC56 3AA7 2F57 6735

Attachment: pgpfQR_Xp7c5l.pgp
Description: PGP signature

Reply to: