Re: [Aegis-developers] Security Paranoia
From: John D. <jo...@ce...> - 2002-12-28 11:49:42
On Sat, Dec 28, 2002 at 05:39:21PM +1100, Peter Miller wrote:
> So how does the following proposal sound:
>
> 1. $comdir/state is changed to mode 600
> 2. ael proj is changed such that it omits mention of projects whose
>    info directory it can't access
> 3. aenpr and aenbr get new options to override the umask of the new
>    directories.
> 4. There also might be changes needed so that aereport doesn't leak
>    information.
>
>
> Can anyone see any problems here?

Sounds do-able.

How do we handle upgrades from the older lesser security to the newer greater security?

I can't see that there would need to be any special precautions needed. The changes I described rely upon someone (presumably the project owner) actually setting the permissions and group of the project directory. If (s)he doesn't explicitly do this, then aegis will behave exactly as before.

The make install target could chmod the global state file (only a problem if it happens to be NFS mounted). If it's deemed necessary it could ask the installer if (s)he wants to change the mode of existing projects, but personally I don't like interactive upgrade/install scripts.

J'

--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://www.keyserver.net or any PGP keyserver for public key.