[16207] in bugtraq
Re: reporting local security problems for WinNT (Re: Escalation
daemon@ATHENA.MIT.EDU (der Mouse)
Sat Aug 12 00:56:08 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID: <200008111628.MAA16162@Twig.Rodents.Montreal.QC.CA>
Date: Fri, 11 Aug 2000 12:28:46 -0400
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
> Checking permissions at install time isn't sufficient. They may
> change later, and never be caught. The program should verify the
> integrity of the system as often as possible.
...within reason. Installing a cronjob that checks every minute, for
example, would be excessive.
> Sendmail does a really good job of checking permissions on everything
> every time it does something. It may slow things down some, but it
> also finds problems when they happen.
Unfortunately it also finds non-problems too. I have a system on which
the directories in the path leading to the aliases files are
group-writeable, by design. (The system has all of two users, both of
whom are trusted.) Sendmail kvetches about this every time I run
newaliases - I consider it broken for it to arrogate to itself the
right to tell me how my system should be set up, or that something like
this is a problem, and if it refused to run, or if it complained more
often or more verbosely, I would fix it (or, perhaps, switch).
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
