Lower Process Capabilities
Steve Grubb
sgrubb at redhat.com
Mon Jul 27 01:00:25 UTC 2009
On Sunday 26 July 2009 08:54:26 pm Steve Grubb wrote:
> > I trust you meant to write 0555?
>
> No, I really mean 005 so that root daemons are using public permissions.
> Admins of course have DAC_OVERRIDE and can do anything. Try the script in a
> VM and tell me if there are any problems you see.
I should elaborate more. The issue is that sometimes there are secrets that
root admins have access to that should not be available to semi-trusted
daemons. For example, any private keys in /root or /etc. You do not want any
daemon that could be compromised to have access to these. So, it's safest just
to set the permissions to 0005 so that they have no access to /root.
I expect a few corner cases, but other than /etc/resolve.conf I don't know of
any problems.
-Steve
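The access decision the mail relies on can be worked through in code. The following is an added example, not code from the thread or from Fedora: a small Python model of the kernel's DAC check (owner/group/other bits, then the CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH bypasses), applied to a hypothetical /root with mode 0005. One point it makes explicit: for a uid-0 process the owner bits decide, so a root daemon that has dropped both capabilities gets nothing from 0005, while an admin keeping CAP_DAC_OVERRIDE is unaffected.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits requested on an inode

@dataclass
class Inode:
    uid: int
    gid: int
    mode: int          # permission bits only, e.g. 0o005
    is_dir: bool = False

@dataclass
class Process:
    euid: int
    egids: frozenset
    caps: frozenset = frozenset()   # e.g. {"CAP_DAC_OVERRIDE"}

def dac_allows(proc: Process, inode: Inode, want: int) -> bool:
    """Model of Linux generic_permission(): classic DAC check first,
    then the two capabilities that can bypass a denial."""
    if proc.euid == inode.uid:
        bits = (inode.mode >> 6) & 7      # owner class applies, even if "other" is wider
    elif inode.gid in proc.egids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    if bits & want == want:
        return True
    # CAP_DAC_READ_SEARCH: read any file, search (X) any directory, never write.
    if "CAP_DAC_READ_SEARCH" in proc.caps:
        allowed = R | (X if inode.is_dir else 0)
        if want & ~allowed == 0:
            return True
    # CAP_DAC_OVERRIDE: read/write anything; execute if a dir or any x bit is set.
    if "CAP_DAC_OVERRIDE" in proc.caps:
        if not (want & X) or inode.is_dir or (inode.mode & 0o111):
            return True
    return False

# Constructed inode standing in for /root with the permissions the mail proposes.
ROOT_DIR = Inode(uid=0, gid=0, mode=0o005, is_dir=True)

def root_daemon_can_search_root():   # uid 0, both DAC capabilities dropped
    return dac_allows(Process(0, frozenset({0})), ROOT_DIR, R | X)

def admin_can_search_root():         # uid 0 keeping CAP_DAC_OVERRIDE
    return dac_allows(Process(0, frozenset({0}), frozenset({"CAP_DAC_OVERRIDE"})), ROOT_DIR, R | X)

def other_user_can_search_root():    # unprivileged user hits the "other" class
    return dac_allows(Process(1000, frozenset({1000})), ROOT_DIR, R | X)

if __name__ == "__main__":
    print(root_daemon_can_search_root(), admin_can_search_root(), other_user_can_search_root())
```

The model also shows why a daemon that keeps CAP_DAC_READ_SEARCH still reads the directory, so lowering capabilities has to drop that one as well as CAP_DAC_OVERRIDE.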
More information about the fedora-devel-list mailing list