On Sat, Jan 28, 2017 at 10:40:59PM +0200, Alan McKinnon wrote:
> On 28/01/2017 22:11, Ian Zimmerman wrote:
> > I was surprised by this message on oss-security:
> >
> > http://www.openwall.com/lists/oss-security/2017/01/28/2
> >
> > Of course this seems to be a serious flaw in portage, but here I'd like
> > to just follow a tangent and ask: why should these directories be 0750?
> > Mine are definitely 0755, and I think the stricter setting is just
> > security by obscurity.
>
> It's not security by obscurity, there really are good reasons for the
> suggested permissions.
> […]
> There are valid cases where denying read access to crontabs is
> desirable, for example a command run from cron requires a password and
> the only way to provide it is on the command line. Such programs exist,
> and the cron app provides a way to limit exposure.

Slight OT: wouldn’t the password still leak through the process list then?

--
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any social network.

Work mania is a hard to explain psychic disorder, which can best
be overcome with a nice cup of tea and a relaxing chat.
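
The process-list exposure raised in the message above can be checked directly on a Linux host. The following is an added example, not part of the original thread: it assumes a Linux `/proc`, and the secret value, the `--password` argument and the function names are constructed for illustration.

```python
"""Check whether a secret passed as a command-line argument is visible in /proc."""
import os
import stat
import subprocess
import sys

SECRET = "constructed-example-pw"  # constructed sample value, not a real credential


def cmdline_exposure(secret=SECRET):
    """Start a child with `secret` in its argv and report what /proc shows for it."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)", "--password", secret]
    )
    try:
        path = f"/proc/{child.pid}/cmdline"
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "rb") as fh:
            # argv is stored NUL-separated, the same data ps(1) prints
            argv = [a.decode() for a in fh.read().split(b"\0") if a]
        return {
            "argv": argv,
            "secret_in_argv": secret in argv,
            "mode": oct(mode),
            "world_readable": bool(mode & stat.S_IROTH),
        }
    finally:
        child.kill()
        child.wait()


def proc_hidepid():
    """Return the hidepid= option of the /proc mount, or "0" when it is not set."""
    with open("/proc/mounts") as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
                for opt in fields[3].split(","):
                    if opt.startswith("hidepid="):
                        return opt.split("=", 1)[1]
    return "0"


if __name__ == "__main__":
    print(cmdline_exposure())
    print("hidepid =", proc_hidepid())
```

A `hidepid` value other than `0` or `off` restricts what other users can see under `/proc/<pid>`; the permissions on the crontab directory do not affect this file.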