On Thu, Aug 29, 2002 at 02:51:14AM +0100, Nick Boyce wrote:
>
> I decided to start locking down permissions on "sensitive" files on a
> recently installed Woody box, and discovered that when I changed the
> permissions on "hosts.allow" (and "hosts.deny") to 640 then I could no
> longer Telnet into the box from the permitted IP address (never mind
> denied addresses). /var/log/daemon.log had messages in it to the
> effect that tcpd couldn't read hosts.allow, so was denying the
> connection.
>

Maybe this is a lame question in response, but why would users being
able to see hosts.allow and hosts.deny constitute a security hole? As
long as the files are not world writable, then you shouldn't have a
problem. (Maybe there's a small problem with keeping the workstations
that can access this machine secure, but you do have intrusion detection
software, chkrootkit, and backups, right?)

--
------------------------------------------
Edward Guldemond
Key fingerprint: 29FF 2969 A04E F934 3F03 4329 BC56 3AA7 2F57 6735
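
The two conditions raised in this thread (tcpd must be able to read the access files, and nobody but the owner should be able to write them) expressed as a permission audit. This is an added example, not part of either message; the function names are hypothetical, and it assumes tcpd may run as a non-root user, so it checks the read bit for "others".

```shell
#!/bin/sh
# Added example: audit TCP wrappers access files for the two conditions
# discussed in the thread. Paths are arguments, so the check can be tried
# on constructed copies instead of the live /etc files.

# has_perm FILE MODE -> success if every bit in MODE is set on FILE
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_wrappers_file FILE: prints one verdict line and returns
#   0  OK: readable by others, no group/other write bit
#   1  not readable by others (a non-root tcpd cannot read it, so it denies)
#   2  group- or world-writable (the access rules can be rewritten)
#   3  file missing
check_wrappers_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING    $f"; return 3
    fi
    if has_perm "$f" 0002 || has_perm "$f" 0020; then
        echo "WRITABLE   $f (group/other write bit set)"; return 2
    fi
    if ! has_perm "$f" 0004; then
        echo "UNREADABLE $f (no read bit for others)"; return 1
    fi
    echo "OK         $f"; return 0
}

# audit_wrappers FILE...: checks each file, returns the worst verdict seen
audit_wrappers() {
    _worst=0
    for _file in "$@"; do
        _rc=0
        check_wrappers_file "$_file" || _rc=$?
        if [ "$_rc" -gt "$_worst" ]; then _worst=$_rc; fi
    done
    return "$_worst"
}

# Typical call on a live system:
#   audit_wrappers /etc/hosts.allow /etc/hosts.deny
```

Mode 640 on a root-owned file yields the UNREADABLE verdict, which matches the daemon.log symptom described in the quoted message; mode 644 passes both checks.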