On 28/01/2017 22:11, Ian Zimmerman wrote:
> I was surprised by this message on oss-security:
>
> http://www.openwall.com/lists/oss-security/2017/01/28/2
>
> Of course this seems to be a serious flaw in portage, but here I'd like
> to just follow a tangent and ask: why should these directories be 0750?
> Mine are definitely 0755, and I think the stricter setting is just
> security by obscurity.
>
> What is your opinion?
>

It's not security by obscurity, there really are good reasons for the
suggested permissions.

The cron.allow and cron.deny files allow specific users to have and run
crontabs, but do nothing to prevent other users from looking at them.

There are valid cases where denying read access to crontabs is
desirable, for example a command run from cron requires a password and
the only way to provide it is on the command line. Such programs exist,
and the cron app provides a way to limit exposure.

--
Alan McKinnon
alan.mckinnon@×××××.com