[Fedora-packaging] Have secure by default permissions for configuration and log files
Kurt Seifried
kseifried at redhat.com
Thu Jun 18 17:26:17 UTC 2015
https://fedorahosted.org/fpc/ticket/543
Have secure by default permissions for configuration and log files
Proposed change
All configuration files (e.g. files in /etc/) and all log files (e.g.
files in /var/log/) must not be set world-readable unless there is a
functional reason to do so. By default, configuration files should be
chmod 600 or 0640 and log files should be chmod 0600. This is due to a
continuing number of security issues with world-readable files that
contain sensitive information (e.g. passwords and access tokens, or
logged usernames and commands).
Some examples:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=configuration+file+permissions
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=log+file+permissions
https://fedoraproject.org/wiki/Kurtseifried/secure_config_and_log_permissions
Thanks!
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert at redhat.com
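
One way to check an installed tree against the modes named in the proposal above. This is an added example, not part of the original message or of any Fedora tooling; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a tree against the modes named in the proposal.
# Function names are illustrative, not part of any Fedora tooling.

# Regular files with the other-read bit set. These break the "must not be
# world-readable" rule unless the package has a functional reason.
world_readable() {
    find "$1" -type f -perm -004 -print
}

# Files that are not world-readable but still differ from the proposed
# default: 0600 or 0640 for configuration files, 0600 for log files.
off_default() {
    case $2 in
        config) find "$1" -type f ! -perm -004 ! -perm 600 ! -perm 640 -print ;;
        log)    find "$1" -type f ! -perm -004 ! -perm 600 -print ;;
        *)      echo "usage: off_default DIR config|log" >&2; return 2 ;;
    esac
}

# Print every finding with a label; return 1 if anything was found.
audit() {
    report=$(
        world_readable "$1" | sed 's/^/world-readable: /'
        off_default "$1" "$2" | sed 's/^/non-default: /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Example: sh audit.sh /etc config ; sh audit.sh /var/log log
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

Many files under /etc are world-readable for a functional reason, which the proposal allows, so the output is a list of candidates for review rather than a list of confirmed problems.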