Bug 44433

Summary: Default permissions of some files under /etc
Product: Base System
Reporter: Annihilator <annihilator_sc>
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 1.0-RELEASE   
Hardware: Any   
OS: Any   

Description Annihilator 2002-10-24 14:20:01 UTC
Default permissions on certain system configuration files in the /etc hierarchy are, in my opinion, too weak. Users have no need to access these files which, after all, contain configuration information that may be used against the system. The files are:
ssh/sshd_config
crontab
exports
ftpusers
ipf.rules
ipnat.rules
ipsec.conf (not 100% sure about this one)
newsyslog.conf
nsmb.conf
periodic.conf
syslog.conf

Fix: 

'chmod 600' the said files.
Comment 1 Tony Finch freebsd_committer freebsd_triage 2002-10-24 14:42:34 UTC
State Changed
From-To: open->closed

Security through obscurity is no security at all. If your legitimate 
users cause trouble the correct fix is non-technical. If an external 
attacker gets a shell on the machine you are already doomed. The 
contents of these files can be worked out by observing the behaviour 
of the system. Users need to be able to see the contents in order 
to debug problems without bothering the sysadmin, and the sysadmin 
should not have to be root to be reminded of the contents of the files. 

This is not a bug.
Comment 2 Annihilator 2002-10-24 19:27:12 UTC
> The contents of these files can be worked out by observing the behaviour
> of the system.

I disagree. I mentioned those files in particular because there IS NO way
that the user can deduce all their content, short of monitoring the system
24-7 (and even then only for certain files).

> Users need to be able to see the contents in order
> to debug problems without bothering the sysadmin

Not those files. There's absolutely nothing in there for local users to see,
or debug.

> and the sysadmin should not have to be root to be reminded of the contents
> of the files.

The sysadmin is most likely in the wheel group, therefore setting the mod to
660 where appropriate would yield the needed result.

Annihilator
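
Added example, not part of the bug report or of any comment above: a POSIX sh check that reports which of the files listed in the description grant any access to "other", so an administrator can see the current state before deciding between the default modes, 600, or the 660 suggested in comment 2. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Files named in the report, relative to /etc.
ETC_FILES="ssh/sshd_config crontab exports ftpusers ipf.rules ipnat.rules
ipsec.conf newsyslog.conf nsmb.conf periodic.conf syslog.conf"

# other_bits FILE -> prints the three "other" permission characters, e.g. "r--".
other_bits() {
    # The mode string is the first field of ls -l output; characters 8-10
    # are the "other" triad. -L follows symlinks so the target is judged.
    ls -ldL "$1" | cut -c8-10
}

# audit_etc [ROOT] -> prints one line per listed file that grants any access
# to "other". Returns 1 if at least one such file was found, otherwise 0.
audit_etc() {
    root=${1:-/etc}
    found=0
    for rel in $ETC_FILES; do
        f="$root/$rel"
        [ -f "$f" ] || continue     # not every system ships every file
        bits=$(other_bits "$f")
        case $bits in
            ---) ;;                 # e.g. 600 or 660: nothing for "other"
            *) printf '%s other=%s\n' "$f" "$bits"
               found=1 ;;
        esac
    done
    return "$found"
}
```

Calling `audit_etc` with no argument checks `/etc`; passing a directory checks a copy or a mounted image instead.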