> Quoting Steve Grubb (sgrubb(a)redhat.com):
> > On Sunday 26 July 2009 08:54:26 pm Steve Grubb wrote:
> > > > I trust you meant to write 0555?
> > >
> > > No, I really mean 005 so that root daemons are using public permissions.
> > > Admins of course have DAC_OVERRIDE and can do anything. Try the script in a
> > > VM and tell me if there are any problems you see.
> >
> > I should elaborate more. The issue is that sometimes there are secrets that
> > root admins have access to that should not be available to semi-trusted
> > daemons. For example, any private keys in /root or /etc. You do not want any
> > daemon that could be compromised to have access to these. So, it's safest just
> > to set the permissions to 0005 so that they have no access to /root.
>
> But 0555 will also prevent root without CAP_DAC_OVERRIDE from writing, no?
> Using 0005 will mean root also needs CAP_DAC_OVERRIDE to read/execute, which
> seems a bit much. Suddenly it needs extra privilege if I just want it to
> be able to execute /bin/date. That actually seems less secure in any real
> system.

I expect a few corner cases, but other than /etc/resolve.conf I don't know of
any problems.

-Steve
--
fedora-devel-list mailing list
fedora-devel-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
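To play out the 0005-versus-0555 argument above offline, here is an added Python model of the kernel's DAC permission check. It is not code from the thread or from Fedora; it reproduces the ordering used by generic_permission() in fs/namei.c (mode bits first, then CAP_DAC_OVERRIDE, then CAP_DAC_READ_SEARCH) and deliberately leaves out POSIX ACLs and LSM hooks such as SELinux. The three callers (a capable root admin, a root daemon that dropped every capability, and a uid 99 service account) and the root-owned /root directory are constructed for the example.

```python
"""Model of Linux's generic_permission() DAC check (fs/namei.c), used here
to play out the 0005-vs-0555 discussion on /root.

Added illustration, not code from the thread or from Fedora. ACLs and
LSMs (SELinux) are ignored; only mode bits and the two DAC capabilities
are modelled. The callers below are constructed for the example.
"""
from dataclasses import dataclass

# Same numeric values as the kernel's MAY_* masks, so they line up with rwx bits.
MAY_EXEC, MAY_WRITE, MAY_READ = 1, 2, 4
CAP_DAC_OVERRIDE = "CAP_DAC_OVERRIDE"
CAP_DAC_READ_SEARCH = "CAP_DAC_READ_SEARCH"


@dataclass
class Inode:
    mode: int               # permission bits only, e.g. 0o005
    uid: int = 0
    gid: int = 0
    is_dir: bool = False


@dataclass
class Task:
    fsuid: int
    groups: frozenset = frozenset()
    caps: frozenset = frozenset()


def generic_permission(inode: Inode, mask: int, task: Task) -> bool:
    """True if `task` may access `inode` in every way named by `mask`."""
    mode = inode.mode
    # 1. Ordinary DAC: owner match wins, then group membership, else "other".
    #    Note that fsuid 0 matching a root-owned inode gets the *owner* bits,
    #    so 0005 gives root nothing while everyone else gets r-x.
    if task.fsuid == inode.uid:
        mode >>= 6
    elif inode.gid in task.groups:
        mode >>= 3
    if (mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0:
        return True

    # 2. Capability overrides. Being uid 0 counts for nothing here; the task
    #    must actually hold the capability (a daemon that dropped it does not).
    if inode.is_dir:
        if CAP_DAC_OVERRIDE in task.caps:
            return True
        # CAP_DAC_READ_SEARCH covers read and search (MAY_EXEC) on a directory, never write.
        return CAP_DAC_READ_SEARCH in task.caps and not (mask & MAY_WRITE)

    # Regular file: CAP_DAC_OVERRIDE never grants exec on a file with no x bit at all.
    if CAP_DAC_OVERRIDE in task.caps and (not (mask & MAY_EXEC) or (inode.mode & 0o111)):
        return True
    return mask == MAY_READ and CAP_DAC_READ_SEARCH in task.caps


# Constructed callers for the scenario in the thread.
ADMIN = Task(fsuid=0, caps=frozenset({CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH}))
ROOT_DAEMON = Task(fsuid=0)                          # root, all capabilities dropped
NOBODY = Task(fsuid=99, groups=frozenset({99}))      # unprivileged service account


def root_dir_access(mode: int) -> dict:
    """What each caller can do to a root-owned /root directory with `mode`."""
    root_home = Inode(mode=mode, uid=0, gid=0, is_dir=True)
    result = {}
    for name, task in (("admin", ADMIN), ("root_daemon", ROOT_DAEMON), ("nobody", NOBODY)):
        result[name] = {
            "list": generic_permission(root_home, MAY_READ | MAY_EXEC, task),
            "write": generic_permission(root_home, MAY_WRITE | MAY_EXEC, task),
        }
    return result


if __name__ == "__main__":
    for mode in (0o005, 0o555):
        print(f"/root mode {mode:04o}: {root_dir_access(mode)}")
```

Running it shows both halves of the argument: with 0005 the capability-less root daemon can neither list nor write /root while the admin (holding CAP_DAC_OVERRIDE) still can, and with 0555 the same daemon can list but still cannot write. It also surfaces two details worth checking on a real system before adopting either mode: a 0005 directory is listable by every non-root uid, since those callers fall through to the "other" bits, and a root process that kept only CAP_DAC_READ_SEARCH can read and search a 0005 directory without CAP_DAC_OVERRIDE, which is the narrower capability to hand a daemon that merely needs to read root-owned files.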