Re: [Aegis-developers] Security Paranoia

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sat, Dec 28, 2002 at 05:39:21PM +1100, Peter Miller wrote:

     > So how does the following proposal sound:
     >=20
     > 1. $comdir/state is changed to mode 600
     > 2. ael proj is changed such that it omits mention of projects whose
     >    info directory it can't  access
     > 3. aenpr and aenbr get new options to overide the umask of the new
     >    directories.
     > 4. There also might be changes needed so that aereport doesn't leak
     >    information.=20
     >=20
     >=20
     > Can anyone see any problems here?
    =20
     Sounds do-able.
    =20
     How do we handle upgrades from the older lesser security to the newer
     greater security?
     =20

I can't see that there would need to be any special precautions
needed.   The changes I described, rely upon someone (presumably the
project owner) actually setting the permissions and group of the project
directory.  If (s)he doesn't explicitly do this, then aegis will
behave exactly as before.

The make install target could chmod the global state
file (only a problem if it happens to be NFS mounted).  If it's deemed
necessary it could ask the installer if (s)he wants to change the mode
of existing projects, but personally I don't like interactive
upgrade/install scripts.

J'

--=20
PGP Public key ID: 1024D/2DE827B3=20
fingerprint =3D 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://www.keyserver.net or any PGP keyserver for public key.