On Wed, Feb 29, 2012 at 04:18:45PM +0000, jb wrote:
> Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:
>
> > ...
> > It's not a
> > directory or executable file in the first place, so making it executable
> > for everyone except the owner and group is not some sort of subtle
> > security trick, it's just meaningless.
> > ...
>
> Is it meaningless ?
>
> Example:
> # cat /var/spool/output/lpd/.seq
> #! /usr/local/bin/bash
> touch /tmp/jb-test-`echo $$`
>
> # ls -al /var/spool/output/lpd/.seq
> -rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq
> #
> # ls /tmp/jb*
> /tmp/jb-test-61789
>
> # chmod 0640 /var/spool/output/lpd/.seq
> # ls -al /var/spool/output/lpd/.seq
> -rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq
> su: /var/spool/output/lpd/.seq: Permission denied
> #
>

Giving execute bit to others by security means to allow others to search for that file and find it. If it's not there then the process created by current user will not be able to read the file since they are not part of the daemon group.

I would assume that sometimes the contents of .seq was judged to be insecure for whatever reason but judged that a user should be able to still in a sense read the file without reading its contents.

Negative perms are not harmful. I do suppose a 'daily_status_security_neggrpperm_dirs=' variable should be added here to control which directories are being scanned much like chknoid.

--
;s =;

Received on Wed Feb 29 2012 - 15:41:29 UTC
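
An added example, not part of the original message and not FreeBSD's own periodic script: a shell check for the "negative permission" pattern discussed in this thread (the other class holding a bit that the group class lacks, as with the `-rw-r----x` `.seq` file), taking the directories to scan as arguments. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list regular files whose "other" class holds a permission
# bit that the group class lacks (a "negative group permission").

# neggrpperm_scan DIR...   (hypothetical helper name)
# Prints one path per line for every file where other has r, w or x
# while group does not have the same bit.
neggrpperm_scan() {
    # -xdev keeps the walk on one file system.
    # Octal -perm tests: "-perm -004" means the other-read bit is set,
    # "! -perm -040" means the group-read bit is clear, and so on.
    find "$@" -xdev -type f \( \
        \( -perm -004 ! -perm -040 \) -o \
        \( -perm -002 ! -perm -020 \) -o \
        \( -perm -001 ! -perm -010 \) \
    \) -print
}

# neggrpperm_demo   (hypothetical helper name)
# Builds a constructed sample tree in a temporary directory, scans it,
# prints the sorted findings and removes the tree again.
neggrpperm_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/seq-0641";   chmod 0641 "$d/seq-0641"    # other x, group no x
    : > "$d/seq-0640";   chmod 0640 "$d/seq-0640"    # the mode after chmod 0640
    : > "$d/plain-0644"; chmod 0644 "$d/plain-0644"  # group and other equal
    : > "$d/drop-0602";  chmod 0602 "$d/drop-0602"   # other w, group no w
    (cd "$d" && neggrpperm_scan . | sort)
    rm -rf "$d"
}

neggrpperm_demo
```

Only the 0641 and 0602 files are reported; 0640 and 0644 give group at least every bit that other has.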