Date: Fri, 05 Sep 2003 12:16:35 -0700
From: richard childers / kg6hac <fscked@pacbell.net>
To: freebsd-security@freebsd.org
Subject: re: world read permissions on system level files
Message-ID: <3F58E113.10509@pacbell.net>
In-Reply-To: <20030905190045.7F07916A4DA@hub.freebsd.org>
References: <20030905190045.7F07916A4DA@hub.freebsd.org>

From: "Biyala, Urvi" <Urvi.Biyala@bankofamerica.com>

>I need to trim the world read permissions from the system sensitive files. I know that it would be safe to trim the permissions from many of the configuration files in /etc. But I was not sure if I could safely tighten the permissions from other system files. Does anyone know of any documentation on this? Or can anyone tell me if it is safe to trim world read permissions from the system files?
>

This needs to be done on an application-by-application, file-by-file basis.

There is a spectrum of possibilities.

For instance, there is no need for files read during boot to be world-readable; it is the root that is carrying out all of the operations, starting the system.

At the other end of the spectrum, if you disable world-readability from /etc/passwd, your shell cannot determine its home directory, and problems will ensue.

If this is consequent to BofA's layoff and replacement of their entire IT infrastructure, I would definitely recommend something along the following lines:

    find /etc -type f -exec chmod 0000 {} \;

This will maximize security, at the expense of some inconvenience.

Drily,

-- richard

Richard Childers / (415) 759-5571
Senior Engineer / Daemonized Networking Services
https://www.daemonized.com
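
Added example, not part of the original message or thread: a read-only audit in POSIX sh that lists the world-readable regular files under a directory, so each one can be reviewed file by file before any mode is changed. The keep list (only passwd comes from the message), the function names and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Read-only audit: reports world-readable files, never changes a mode.

# Base names that unprivileged processes must be able to read.
# Assumption: "passwd" is from the message; "group" is added for illustration.
KEEP_READABLE="passwd group"

# audit_world_readable DIR
# One tab-separated line per world-readable regular file under DIR:
#   KEEP    path   base name is on the keep list, leave the mode alone
#   REVIEW  path   check which applications read it before tightening
# Paths containing newlines are not handled.
audit_world_readable() {
    find "$1" -type f -perm -0004 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}
        case " $KEEP_READABLE " in
            *" $name "*) verdict=KEEP ;;
            *)           verdict=REVIEW ;;
        esac
        printf '%s\t%s\n' "$verdict" "$path"
    done
}

# count_verdict DIR VERDICT: number of audited files with that verdict.
count_verdict() {
    audit_world_readable "$1" |
        awk -F '\t' -v v="$2" '$1 == v { n++ } END { print n + 0 }'
}

# make_demo_tree: builds a constructed sample tree and prints its path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh"
    for f in passwd master.passwd rc.conf ssh/sshd_config; do
        : > "$root/etc/$f"
    done
    chmod 0644 "$root/etc/passwd" "$root/etc/rc.conf" "$root/etc/ssh/sshd_config"
    chmod 0600 "$root/etc/master.passwd"   # already not world-readable
    printf '%s\n' "$root"
}

# Stand-alone use: sh audit.sh /etc
if [ "$#" -gt 0 ]; then
    audit_world_readable "$1"
fi
```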