Re: /etc/permissions

From: Matt Piechota (piechota@argolis.org)
Date: 12/13/01


Date: Thu, 13 Dec 2001 12:36:18 -0500 (EST)
From: Matt Piechota <piechota@argolis.org>
To: Haikal Saadh <wyldephyre2@yahoo.com>

On Thu, 13 Dec 2001, Haikal Saadh wrote:

> I just ran tiger on a 4.4R box today, and it mentioned that most of the
> files in /etc have perms that shouldn't be there...likewise, AusCERT's
> Unix security checklist recommended removing world read perms from quite
> a few files. Have the permissions been overlooked, or is there some
> design issue that I've missed out on? Common sense dictates that the
> files in /etc/ should only be root accessible, right?

Not really. If I run 'ls -l', ls needs to be able to read passwd to
match the uids on the inode to a username. If I can't read the file
normally, ls (running as me) won't be able to either. I'd imagine there
are some things that could go without people being able to read them, but
to me that's just security by obscurity, and doesn't really buy much,
except making it harder to do system maintenance without being logged in
as root.

-- 
Matt Piechota
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
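
The uid-to-name dependency described in the reply above, as an added example that is not part of the original message. The function names and the sample passwd entries are constructed; the sketch models only the classic owner/group/other mode bits (no ACLs) and parses a passwd(5)-format file directly instead of going through getpwuid(3).

```python
import os
import stat
import tempfile

# Constructed sample in passwd(5) format (no password hashes, as in /etc/passwd).
SAMPLE_PASSWD = "root:*:0:0:Charlie &:/root:/bin/csh\nalice:*:1001:1001:Constructed User:/home/alice:/bin/sh\n"


def may_read(st, uid, gids):
    """Classic Unix permission check for read: owner, then group, then other."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def owner_label(file_uid, passwd_path, caller_uid, caller_gids):
    """Name shown in a long listing for file_uid, as seen by the given caller."""
    if may_read(os.stat(passwd_path), caller_uid, caller_gids):
        with open(passwd_path, encoding="utf-8") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) >= 3 and fields[2] == str(file_uid):
                    return fields[0]
    return str(file_uid)  # lookup failed: fall back to the numeric uid


def demo():
    """Compare what an ordinary user and root see at mode 0644 and 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "passwd")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PASSWD)
        st = os.stat(path)
        user, gids = st.st_uid + 1, {st.st_gid + 1}  # simulated non-owner, non-root
        results = {}
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results[f"{mode:04o}_user"] = owner_label(1001, path, user, gids)
            results[f"{mode:04o}_root"] = owner_label(1001, path, 0, set())
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With the world-read bit removed, the ordinary user's listing degrades to the bare uid while root's is unchanged.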