| 1 |
On 28/01/2017 22:11, Ian Zimmerman wrote: |
| 2 |
> I was surprised by this message on oss-security: |
| 3 |
> |
| 4 |
> http://www.openwall.com/lists/oss-security/2017/01/28/2 |
| 5 |
> |
| 6 |
> Of course this seems to be a serious flaw in portage, but here I'd like |
| 7 |
> to just follow a tangent and ask: why should these directories be 0750? |
| 8 |
> Mine are definitely 0755, and I think the stricter setting is just |
| 9 |
> security by obscurity. |
| 10 |
> |
| 11 |
> What is your opinion? |
| 12 |
> |
| 13 |
|
| 14 |
It's not security by obscurity, there really are good reasons for the |
| 15 |
suggested permissions. |
| 16 |
|
| 17 |
The cron.allow and cron.dent files allow specific user to have and run |
| 18 |
crontabs, but does nothing to prevent other users from looking at them. |
| 19 |
|
| 20 |
There are valid cases where denying read access to crontabs is |
| 21 |
desirable, for example a command run from cron requires a password and |
| 22 |
the only way to provide it is on the command line. Such programs exist, |
| 23 |
and the cron app provides a way to limit exposure. |
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
Alan McKinnon |
| 30 |
alan.mckinnon@×××××.com |
Archives