Re: negative group permissions?

From: jb <jb.1234abcd_at_gmail.com>
Date: Wed, 29 Feb 2012 10:19:21 +0000 (UTC)
Anton Shterenlikht <mexas <at> bristol.ac.uk> writes:

> ... 
> To the best of my knowledge the security warning started
> to appear recently. For the previous 2 years or so I haven't
> seen it. Now, I didn't modify the default security scripts,
> nor the lpd system. The file is created with this permissions
> because the OS created it like this, not me. I've no idea
> why my file is 0641 instead of 0661.

I would suggest (if you can) that you change the .seq permissions to 0664 and
watch what happens to it - the purpose is to narrow down who/what changed its
mode.
Some history. logs. and some ad hoc "watch script" would do it.

> 
> So, given that the lpr.c hasn't changed for years,
> perhaps the periodic scripts have, and what was
> earlier considered fine now is considered serious enough
> to issue a security warning.
> 
> In any case, it seems either lpr.c needs to be changed,
> or if 0661 is necessary, then the periodic sripts need to
> be changed to ignore this file.
> 

The periodic script is OK.
Here is the author's view:
http://lists.freebsd.org/pipermail/freebsd-hackers/2010-October/033256.html
jb
Received on Wed Feb 29 2012 - 09:19:37 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:24 UTC