On Mon, Jul 03, 2023 at 08:36:23AM -0400, Mouse wrote:
> > There is one more thing I'd be inclined to add: when _serving_ a
> > config as root[*], error if the configuration (including sourced
> > chunks) is writable by someone else than root.
> >
> > What do you think?
>
> A reasonable thing if it's an overridable default.  An extremely
> annoying thing (albeit only occasionally) if it's non-overridable.
>
> Also, I'm not sure how I'd modify that if the UID it's serving as is
> someone other than root.

For the moment, I have written it as an error if in server mode and if
uid == root. For another user, the check is not done since various
combinations are possible and, for me, legitimate with no clear
pattern.

I can create a server flag '-s' for "strict" mode, enforcing the check,
and not set it by default.

YMMV. Since there is a checker mode, and there is no privilege needed
and no error (file(s) need only to be readable) when checking, I tend
to think that when writing or verifying, permissions can be whatever so
it is not hampering the work; but when installing the config for
serving it, putting the file only under root writability is a safety
precaution too (against one's own blunders).

There are pros and cons either way---meaning that, you are right, it
has to be configurable; remains the question of: what should be the
default? Strict or not?

-- 
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C