[102] in linux-security and linux-alert archive
Re: tty permissions
daemon@ATHENA.MIT.EDU (Panzer Boy)
Fri Mar 10 16:35:17 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 10 Mar 1995 12:31:23 -0500
Reply-To: linux-security@tarsier.cv.nrao.edu
Thomas Briggs (tbriggs@cutter.ship.edu) wrote:
: Also, there are some utils and directories that I think ought to be
: protected by some better security, such as /sbin and /usr/sbin, I would
: not even like users seeing what was in these dirs... I've got them
: chmod'ed out of the user space as well as out of root's profile, etc,
: etc. At least this way, if a user does happen to get to be root or
: uid=0, they won't have a clear picture as to what's in those directories.
This is starting to follow the security through obscurity thing a bit.
It's nice to prevent people from running fdisk on your system, or dip.
But if anyone can compile the damn thing, and upload a static binary to
your system, you're not getting much security from it. (Some, but not much)
About the devices, these need to be looked at, and also the /proc tree
needs to be clean. I just recently noticed that /proc/net/ip_* are all
644, which is ok, though having unprivileged users reading your
ip_accounting information may not be what you had in mind when you
started using it... :)

(Is there an easy way to change these default privs? A chmod changes it
for only a short period (next update I assume).)
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."
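
An added example, not part of the original post: a shell check for the /proc/net/ip_* exposure described in the message, which also tests whether a chmod that removes other-read is still in effect after a delay, since the post reports that it did not persist. The function names are hypothetical; the default directory and pattern are the ones named in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# /proc/net and ip_* are the path and pattern mentioned in the message.

# Print every regular file in DIR matching PATTERN that "other" can read.
world_readable() {
    dir=${1:-/proc/net}
    pattern=${2:-ip_*}
    find "$dir" -maxdepth 1 -type f -name "$pattern" -perm -004 2>/dev/null | sort
}

# Remove other-read from FILE, wait DELAY seconds, then report whether the
# restriction is still in place. Returns 0 if it held, 1 if chmod was refused
# or the file is readable by other again.
restriction_holds() {
    file=$1
    delay=${2:-0}
    chmod o-r "$file" 2>/dev/null || return 1
    sleep "$delay"
    [ -z "$(find "$file" -perm -004 2>/dev/null)" ]
}

# For each exposed file, try to restrict it and label the outcome, so files
# whose mode reverts are listed separately from those that stay restricted.
harden() {
    dir=${1:-/proc/net}
    pattern=${2:-ip_*}
    delay=${3:-0}
    world_readable "$dir" "$pattern" | while IFS= read -r f; do
        if restriction_holds "$f" "$delay"; then
            echo "restricted $f"
        else
            echo "still-readable $f"
        fi
    done
}
```

Run as root, `harden /proc/net 'ip_*' 60` waits a minute per file before re-checking; any "still-readable" line means the mode cannot be relied on and access has to be controlled some other way.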