On 11/02/2013 19:05, Russ Allbery wrote:
> Charles Williams <ch...@itadmins.net> writes:
>
>> However, I still have 1 problem. This package controls entire clusters
>> (corosync, pacemaker, et al) and thus is designed with directory rights
>> of 0700 for user hacluster (user used to run corosync). The problem is
>> that 0700 directories are against policy in /usr/share. However,
>> lighttpd is the delivery agent for the package and such apps (phpmyadmin
>> and other web GUIs) are usually installed in /usr/share. If I set the
>> directories at 755 then there is the possibility that any service/script
>> could execute files in the directory and thus control the cluster.
>
> Er, why could anyone executing the scripts be able to control the cluster?
> That implies that there are authentication credentials embedded in the
> scripts, which is a bad design.

Moreover, in this case, 0700 directories are not a protection: it is easy
for a user to download the (source or binary) package and to compile or
unpack it in their HOME. So, if running programs of a Debian package allows
taking over control of a cluster (without requiring credentials from
somewhere else), there is a fundamental security design problem.

Regards,
Vincent

-- 
Vincent Danjean GPG key ID 0x9D025E87 vdanj...@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://people.debian.org/~vdanjean/debian unstable main