F8 postmortem
Francois Petillon
fantec at proxad.net
Thu Nov 8 20:21:31 UTC 2007
Matt Domsch wrote:
> Permissions on dirs/files on the mirror should be revisited.
> All directories should be 0750 and files should be 0640 before the
> bitflip, to prevent leaks. vsftpd will serve a file with a known name
> and perms 0644 even if the directory or one above it is 0750. Apache
> won't. Let's be sure to use these permissions.

I disagree. This is typically a server setup issue, not a permission
issue. If vsftpd serves such files, it means it has the right to access
the directory (so it is run with the same UID as rsync or it is in the
same group). If the files are group readable, then technically, vsftpd
has the right to read them just like it has the right to access the
directory path. Doing 0640 on files will block vsftpd access if and
only if the admin has enabled anon_world_readable_only.

I would advocate for a release root-only bitflipped to get updates as
simple as possible. As admins are usually asked to schedule an at job to
run an rsync/chmod at release date/time, KISS... ;-)

If you really want to avoid leaks, then perhaps you should test mirrors
with a special directory to reproduce usual release rights and check
from time to time if this directory's contents are unreadable.

François
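
Added example (not part of the original message, and not vsftpd or Fedora code): a simplified Python model of the access decision discussed in this thread, for a daemon that shares the mirror tree's group versus one that does not. The UIDs/GIDs, function names and the reduction of anon_world_readable_only to a test on the file's own other-read bit are assumptions; root, ACLs and chroot are ignored.

```python
import stat

X, R = 1, 4  # search (execute) and read permission bits

def may(entry, uid, gids, want):
    """POSIX mode check: exactly one of owner/group/other applies."""
    mode, o_uid, o_gid = entry
    if uid == o_uid:
        bits = mode >> 6
    elif o_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return ((bits & 7) & want) == want

def kernel_allows_read(dirs, file_, uid, gids):
    """Search (x) is needed on every directory, read (r) on the file."""
    return all(may(d, uid, gids, X) for d in dirs) and may(file_, uid, gids, R)

def vsftpd_anon_serves(dirs, file_, uid, gids, anon_world_readable_only=True):
    """Kernel check, then the option's test on the file's other-read bit."""
    if not kernel_allows_read(dirs, file_, uid, gids):
        return False
    return not anon_world_readable_only or bool(file_[0] & stat.S_IROTH)

# Constructed IDs: tree owned by mirror (1000:1000); the FTP daemon user is
# a member of group 1000, the HTTP daemon user is not.
MIRROR = (1000, 1000)
FTP = (14, {50, 1000})
WEB = (48, {48})
closed_dirs = [(0o755, 0, 0), (0o750, *MIRROR)]  # parent dir, release dir

def report():
    """Who can fetch a file with a known name under the 0750 directory?"""
    rows = {}
    for fmode in (0o644, 0o640):
        f = (fmode, *MIRROR)
        rows[fmode] = {
            "ftp_default": vsftpd_anon_serves(closed_dirs, f, *FTP),
            "ftp_option_off": vsftpd_anon_serves(
                closed_dirs, f, *FTP, anon_world_readable_only=False),
            "web": kernel_allows_read(closed_dirs, f, *WEB),
        }
    return rows

if __name__ == "__main__":
    for fmode, row in report().items():
        print(oct(fmode), row)
```

In this model the 0750 directory stops only the daemon outside the group; for the in-group daemon, 0640 on the file matters only while anon_world_readable_only is on.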