Re: Exploit in Upgrade Chain?
On Thu, 12 Feb 2009 15:32:57 +0100
"Giacomo A. Catenazzi" <cate@cateee.net> wrote:
> Boyd Stephen Smith Jr. wrote:
...
> > I don't see how a 600 /etc can be exploited. Do you have any other records
> > that would indicate you are exploited, or is this just fear-mongering?
>
> /etc with 600 is a grave error!
> /etc/ must be accessible for the following reasons:
> - Debian alternatives (and some POSIX programs require, i.e., the "editor" command)
> - networking: libc needs to read some files (resolver, hostname, ...), and this
> is done in normal user context
> - passwd must be public (indirectly required by POSIX)
> - etc has the configuration of daemons, which could read such configuration
> in a different daemon context (not root). This is true especially when
> reloading configuration
> - and a lot more reasons.
>
> Some files must be protected, not the entire /etc.
I'm sure he knows it's an error; his point is just that it's not
exploitable.
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
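
An added example, not part of the original thread: a mode-bit check for the distinction drawn in the quoted message, where /etc itself must stay reachable by non-root users while only particular files are restricted. The file lists and the function name `audit_etc` are assumptions chosen for illustration.

```python
import os
import stat

# Assumed, illustrative lists; adjust them to the system being audited.
MUST_BE_PUBLIC = ("passwd", "group", "resolv.conf", "hostname", "nsswitch.conf")
MUST_BE_PRIVATE = ("shadow", "gshadow")


def audit_etc(root="/etc"):
    """Return (path, octal mode, problem) tuples, judged from mode bits only."""
    findings = []
    dmode = stat.S_IMODE(os.stat(root).st_mode)
    # 'Other' needs r (list names) and x (traverse) on the directory itself.
    if dmode & 0o005 != 0o005:
        findings.append((root, oct(dmode),
                         "directory not readable and traversable by other users"))
        # Nothing inside is reachable by non-root users until this is fixed.
        return findings
    if dmode & 0o002:
        findings.append((root, oct(dmode), "directory is world-writable"))
    for names, want_public in ((MUST_BE_PUBLIC, True), (MUST_BE_PRIVATE, False)):
        for name in names:
            path = os.path.join(root, name)
            try:
                fmode = stat.S_IMODE(os.stat(path).st_mode)
            except FileNotFoundError:
                continue  # file not present on this system
            world_readable = bool(fmode & 0o004)
            if want_public and not world_readable:
                findings.append((path, oct(fmode), "must be world-readable"))
            elif not want_public and world_readable:
                findings.append((path, oct(fmode), "should not be world-readable"))
    return findings


if __name__ == "__main__":
    for path, mode, problem in audit_etc():
        print(f"{path} ({mode}): {problem}")
```
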