[torquedev] Liblog chk_file_sec() function bugs
Sergio Gelato
Sergio.Gelato at astro.su.se
Mon Oct 1 14:25:07 MDT 2007
* Vinod KV [2007-10-01 19:26:54 +0530]:
> Comments from the source :
>
> * To be secure, all directories (and final file) in path must be:
> * owned by uid < 10
> * owned by group < 10 if group writable
> * not have world writable unless sticky bit set & this
> is allowed.
>
> I understand the stress on the security of the __files used by
> daemons__, and these three make sense for those files. But IMHO,
> applying the same for __every file/directory in the path__, seems like
> overkill.
>
> Can anyone comment on this?
If you have write access to the parent directory, you can rename the file
and replace it with a symbolic link to some other location, maybe on a
different filesystem where it's easier for you to create files with
the uid/gid values you need.
That said, I fully expect sites to patch this code to suit their local
requirements. For example, I insist on uid==0 while some places may want
uid<1000 instead. I don't see any obvious one-size-fits-all solution.