
Re: Permissions Required On hosts.allow ?



On Thu, Aug 29, 2002 at 02:51:14AM +0100, Nick Boyce wrote:
> 
> I decided to start locking down permissions on "sensitive" files on a
> recently installed Woody box, and discovered that when I changed the
> permissions on "hosts.allow" (and "hosts.deny") to 640 then I could no
> longer Telnet into the box from the permitted IP address (never mind
> denied addresses).  /var/log/daemon.log had messages in it to the
> effect that tcpd couldn't read hosts.allow, so was denying the
> connection.
> 

Maybe this is a lame question in response, but why would users being able
to see hosts.allow and hosts.deny constitute a security hole?  As long
as the files are not world writable, then you shouldn't have a problem.
(Maybe there's a small problem with keeping the workstations that can
access this machine secure, but you do have intrusion detection software,
chkrootkit, and backups, right?)

-- 
------------------------------------------
Edward Guldemond

Key fingerprint:  29FF 2969 A04E F934 3F03  
                  4329 BC56 3AA7 2F57 6735
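
Added example, not part of the original message: a shell check for the two conditions raised in this thread, a wrappers file that is world-writable (the risk named in the reply) and one that others cannot read (the cause of the tcpd failure after the change to 640). The function names are hypothetical, and the script assumes a `stat` that supports `-c '%a'`.

```shell
#!/bin/sh
# Added example: permission audit for TCP wrappers control files.
# Function names are hypothetical. Assumes stat(1) supports -c '%a'
# (GNU coreutils, BusyBox).

# Print a one-word verdict for FILE; return 0 only when the verdict is "ok".
check_wrapper_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing"; return 2
    fi
    mode=$(stat -c '%a' "$f") || { echo "stat-failed"; return 2; }
    other=$((mode % 10))          # last octal digit holds the "other" bits
    if [ $((other & 2)) -ne 0 ]; then
        # Any local user could rewrite the access rules.
        echo "world-writable"; return 1
    fi
    if [ $((other & 4)) -eq 0 ]; then
        # A tcpd running outside the file's owner and group cannot read
        # the rules: the daemon.log symptom reported after chmod 640.
        echo "not-world-readable"; return 1
    fi
    echo "ok"
}

# Audit every path given; return non-zero if any file fails the check.
audit_wrapper_files() {
    bad=0
    for p in "$@"; do
        verdict=$(check_wrapper_file "$p") || bad=$((bad + 1))
        printf '%s: %s\n' "$p" "$verdict"
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh audit.sh /etc/hosts.allow /etc/hosts.deny
if [ "$#" -gt 0 ]; then
    audit_wrapper_files "$@"
fi
```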
