| 1 |
On 12/10/2017 08:10 PM, Ian Zimmerman wrote: |
| 2 |
> $ for f in /etc/at/at.deny /etc/cron.hourly/0anacron |
| 3 |
> /etc/default/useradd ; do |
| 4 |
> ls -l $f ; qfile $f ; |
| 5 |
> done |
| 6 |
> -rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny |
| 7 |
> sys-process/at (/etc/at/at.deny) |
| 8 |
> -rwxr-x--- 1 root root 392 Nov 4 21:04 /etc/cron.hourly/0anacron |
| 9 |
> sys-process/cronie (/etc/cron.hourly/0anacron) |
| 10 |
> -rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd |
| 11 |
> sys-apps/shadow (/etc/default/useradd) |
| 12 |
> |
| 13 |
> None of these seem sensitive to me, and restricting them like this looks |
| 14 |
> like a case of SBO. |
| 15 |
|
| 16 |
I realized that you meant "security by obscurity" after a while, but the |
| 17 |
first google result is "small bowel obstruction" =P |
| 18 |
|
| 19 |
It's probably just the principle of least privilege in play. If no one |
| 20 |
other than root needs to read those files, then no one other than root |
| 21 |
should be able to read those files. The at.deny and default/useradd |
| 22 |
files might be overkill, but I would still rather be safe than sorry. |
| 23 |
|
| 24 |
But for anacron: people are stupid enough to put passwords in there. |
Archives