Bug#167422: general: files in /usr/share should be world-readable

2002-11-10 Thread Robert Bihlmeyer
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:

> This is incorrect.  /usr/share is intended to be shared between
> cooperating systems, but cooperating systems' root users might well
> have secrets that they want to conveniently share.

/usr/share is not appropriate for that, as it is the OS's playground
(and I can't see any use for the OS installing secrets there). 
For site-specific secrets /usr/local/share is a better choice.

-- 
Robbe



Bug#167422: general: files in /usr/share should be world-readable

2002-11-10 Thread Thomas Bushnell, BSG
Robert Bihlmeyer <[EMAIL PROTECTED]> writes:

> [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
> 
> > This is incorrect.  /usr/share is intended to be shared between
> > cooperating systems, but cooperating systems' root users might well
> > have secrets that they want to conveniently share.
> 
> /usr/share is not appropriate for that, as it is the OS's playground
> (and I can't see any use for the OS installing secrets there). 
> For site-specific secrets /usr/local/share is a better choice.

"root users" is not somehow not the OS.  For example, root users store
secrets in the shadow password files.

I'm speaking of secrets that *OS* programs need to have, and which
should be shared among cooperating machines.




Bug#167422: files in /usr/share should be world-readable

2002-11-10 Thread Julian Gilbey
On Fri, Nov 08, 2002 at 09:15:09PM -0500, James R. Van Zandt wrote:
> However, I think substituting
> 
>   LOG=`tempfile -m 644`
> 
> would introduce a security bug.

How?  Surely tempfile still creates the file securely, even when the
mode is other than 600?

   Julian

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Julian Gilbey, website: http://www.polya.uklinux.net/
   Debian GNU/Linux Developer, see: http://people.debian.org/~jdg/
 Visit http://www.thehungersite.com/ to help feed the hungry
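
The distinction raised in the last message (how a file is created versus which mode it ends up with), as an added example that is not part of the original thread. The function names are hypothetical, and it uses `mktemp` plus `chmod` and the shell's noclobber option rather than Debian's `tempfile -m`:

```shell
#!/bin/sh
# Added illustration: exclusive creation and the permission mode are
# separate properties. A file can be world-readable and still be created
# in a way that refuses a name someone else has already planted.

# make_log DIR -> prints the path of a new mode-644 file in DIR.
# mktemp picks an unpredictable name and creates the file exclusively
# with mode 0600; the mode is widened only after the file exists.
make_log() {
    dir=${1:-${TMPDIR:-/tmp}}
    f=$(mktemp "$dir/log.XXXXXX") || return 1
    chmod 644 "$f" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# excl_create_644 FILE -> create FILE with mode 644, but only if the name
# does not exist yet. With noclobber (set -C) the redirection refuses an
# existing regular file and opens a missing name exclusively, so a
# dangling symlink planted at FILE is not followed.
excl_create_644() {
    ( set -C; umask 022; : > "$1" ) 2>/dev/null
}

# mode_of FILE -> prints the ls-style permission string of FILE.
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Mode 644 only decides who may read the contents afterwards, so whether it is acceptable depends on what gets written to the log, not on how the file was created.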