
Re: Permissions Required On hosts.allow ?



> So I've opened perms up to 644 again, but this seems the wrong thing
> to do.  I realise I was only gaining a minor layer of
> security-thru-obscurity, but every little helps - surely we don't
> want this file to be world-readable ?
> 
> I note from inetd.conf that in.telnetd runs as uid.gid
> telnetd.telnetd, whereas hosts.allow has uid.gid root.root, which I
> guess is the cause of this.

correct

> Can I change this around a bit to achieve my goal - maybe make a new
> group called "foo" (say) and give that gid to in.telnetd and
> hosts.allow ... ?

Obscuring your libwrap/tcpd configuration from your local users, at
the expense of allowing services to run as separate, non-privileged
users is a bad idea.  Privilege separation provides a very tangible
benefit; obfuscated config files do not.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
							-John Logue
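
The permission trade-off discussed in this thread, as an added example that is not part of the original message: a POSIX shell function that audits a tcp_wrappers access file such as hosts.allow. It assumes the file should be owned by root, writable by its owner only, and world-readable so that libwrap inside a service running as a non-root user (telnetd in the thread) can still read it; the function name `check_wrapper_file` and its messages are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage: check_wrapper_file FILE [EXPECTED_OWNER_UID]   (owner defaults to 0, root)
# Prints one line per finding; returns 0 if the file passes, 1 otherwise.
check_wrapper_file() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi
    # "ls -ldn" prints e.g. "-rw-r--r-- 1 0 0 ...": field 1 is the mode
    # string, field 3 the numeric uid of the owner.
    read -r perms _links uid _rest <<EOF
$(ls -ldn -- "$file")
EOF
    # Integrity: whoever can write this file decides who may connect.
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid is $uid, expected $want_uid"
        rc=1
    fi
    case $perms in
        ?????w*|????????w*)
            echo "$file: group- or world-writable ($perms)"
            rc=1 ;;
    esac
    # Availability: a wrapped service running as its own non-root user
    # reads the file with that user's credentials, so "other" needs read.
    case $perms in
        ???????r*) ;;
        *)
            echo "$file: not world-readable ($perms); non-root services cannot read it"
            rc=1 ;;
    esac
    return $rc
}

# Check every file named on the command line, e.g. /etc/hosts.allow.
for f in "$@"; do
    if check_wrapper_file "$f"; then echo "$f: ok"; fi
done
```
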


