| 1 |
On Sat, Jan 28, 2017 at 10:40:59PM +0200, Alan McKinnon wrote: |
| 2 |
> On 28/01/2017 22:11, Ian Zimmerman wrote: |
| 3 |
> > I was surprised by this message on oss-security: |
| 4 |
> > |
| 5 |
> > http://www.openwall.com/lists/oss-security/2017/01/28/2 |
| 6 |
> > |
| 7 |
> > Of course this seems to be a serious flaw in portage, but here I'd like |
| 8 |
> > to just follow a tangent and ask: why should these directories be 0750? |
| 9 |
> > Mine are definitely 0755, and I think the stricter setting is just |
| 10 |
> > security by obscurity. |
| 11 |
> |
| 12 |
> It's not security by obscurity, there really are good reasons for the |
| 13 |
> suggested permissions. |
| 14 |
> […] |
| 15 |
> There are valid cases where denying read access to crontabs is |
| 16 |
> desirable, for example a command run from cron requires a password and |
| 17 |
> the only way to provide it is on the command line. Such programs exist, |
| 18 |
> and the cron app provides a way to limit exposure. |
| 19 |
|
| 20 |
Slight OT: wouldn’t the password still leak through the process list then? |
| 21 |
|
| 22 |
-- |
| 23 |
Gruß | Greetings | Qapla’ |
| 24 |
Please do not share anything from, with or about me with any social network. |
| 25 |
|
| 26 |
Work mania is a hard to explain psychic disorder, which can best |
| 27 |
be overcome with a nice cup of tee and a relaxing chat. |
Archives