Re: Permissions on /root/

2003-03-08 Thread bda
ould personally agree with that assertion. It should be locked down and not touched by adduser ("Would You Like To Make All Homedirs World-Readable?"). -- bda Cyberpunk is dead. Long live cyberpunk. http://mirrorshades.org

Re: Permissions on /root/

2003-03-08 Thread bda
On Sat, Mar 08, 2003 at 01:44:24PM +, Dale Amon wrote: > On Sat, Mar 08, 2003 at 07:37:53AM -0500, bda wrote: > > It should be locked down and not touched by adduser ("Would You Like To > > Make All Homedirs World-Readable?"). > > Actually I'd rather no

Re: Why is proftpd always started when one update it?

2003-07-02 Thread bda
t, if not, it quits. I'm rather confused by the existence of that option, actually. Why would someone want to disable /etc/init.d/proftpd entirely? It's equally possible that I'm simply missing some very obvious point. Regardless of that, I agree that /etc/default/proftpd needs a

Re: execute permissions in /tmp

2003-07-14 Thread bda
ng the fact that the attacker has likely already gained the ability to run arbitrary commands.) It may seem like putting a pebble in front of a tank, but the only defense we have is a many-layered security policy. -- bda Cyberpunk is dead. Long live cyberpunk. http://mirrorshades.org

Re: execute permissions in /tmp

2003-07-14 Thread bda
or the duration of inst. In fact, all partitions that theoretically shouldn't have code being run on them, but require rw get noexec and nosuid (like /var/lib/cvs, or an ftpd root dir, etc). As for the ~/tmp or ~/.tmp commentary, I have no real opinion, but it seems like it'd be a lot of

Re: execute permissions in /tmp

2003-07-13 Thread bda
ng the fact that the attacker has likely already gained the ability to run arbitrary commands.) It may seem like putting a pebble in front of a tank, but the only defense we have is a many-layered security policy. -- bda Cyberpunk is dead. Long live cyberpunk. http://mirrorshades.org