Boyd Stephen Smith Jr. wrote:
> On Wednesday 11 February 2009 23:26:45 Stan Katz wrote:
>> I updated/upgraded both my AMD64 and AMD k6 "Etch" machines between Feb
>> 10-11, 2009 using "Lenny" test. Both picked up a symptom I haven't seen
>> since the lpd exploit of the 1990's. This symptom manifests itself as
>> either a random escalation of the etc directory mode up to 600, or a
>> consistent escalation to mode 600 upon reboot.
>
> My /etc is mode 755. Why would that be a problem? Some user/programs may
> need to read data out of the directory and root (the owner of my /etc)
> certainly needs write permissions.
>
>> I don't remember why the lpd
>> exploit did this. If this is an exploit, it shakes my confidence in debian
>> online updating.
>
> I don't see how a 600 /etc can be exploited. Do you have any other records
> that would indicate you are exploited, or is this just fear-mongering?

/etc with 600 is a grave error!

/etc/ must be accessible for the following reasons:
- debian alternatives (and some posix program requires i.e. "editor" command)
- networking: libc needs to read some files (resolver, hostname, ...), and this
  is done in normal user context
- passwd must be public (indirectly required by POSIX)
- etc has configuration of daemons, which could read such configuration
  in a different daemon context (not root). This is true especially when
  reloading configuration
- and a lot more reasons.

Some files must be protected, not the entire /etc.

ciao
cate
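
Added example, not part of the thread: a small audit that checks the point made above, that the directory itself is readable and traversable by non-root users while only individual files are restricted. The file lists (`passwd`, `resolv.conf`, `hostname` as public; `shadow`, `gshadow` as private) and the function names are assumptions for illustration, and `stat -c` is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example (not from the thread): audit an /etc-like tree.
# File lists below are assumptions; adjust for the system at hand.

PUBLIC_FILES="passwd resolv.conf hostname"   # read by unprivileged processes
PRIVATE_FILES="shadow gshadow"               # assumed secret-bearing files

# Print the octal permission bits of a path (GNU stat syntax).
mode_of() { stat -c '%a' "$1" 2>/dev/null; }

# Succeed if the "other" class has every bit in mask $2 on path $1.
other_has() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & $2 )) -eq "$2" ]
}

# Succeed if the "other" class has no permission bits on path $1.
other_has_none() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 7 )) -eq 0 ]
}

# Audit directory $1; print findings, return 1 if there are any.
audit_etc() {
    root=$1; bad=0
    # A directory needs r (list) and x (traverse) for non-root readers.
    if ! other_has "$root" 5; then
        echo "FINDING: $root is mode $(mode_of "$root"); non-root users cannot read it"
        bad=1
    fi
    for f in $PUBLIC_FILES; do
        [ -e "$root/$f" ] || continue
        other_has "$root/$f" 4 || { echo "FINDING: $root/$f is not world-readable"; bad=1; }
    done
    for f in $PRIVATE_FILES; do
        [ -e "$root/$f" ] || continue
        other_has_none "$root/$f" || { echo "FINDING: $root/$f is accessible to others"; bad=1; }
    done
    return $bad
}

# Run only when a directory is given, e.g.  sh audit_etc.sh /etc
if [ $# -gt 0 ]; then audit_etc "$1"; fi
```

Run as root to get a complete result: with the directory at mode 600 an unprivileged user cannot see the files inside it, so only the directory finding is reported.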