Re: Exploit in Upgrade Chain?
On Thursday, 2009-02-12 at 12:11:01 -0800, The Well - Systems Administrator wrote:
> 600 on /etc is technically more secure than the default 755 with normal
> POSIX systems, not less. If this is an exploit, it's one that locks
> things down tighter than they should normally be. :) Giacomo is correct
> that these incorrect perms can cause other issues, though not security
> related ones that I can think of.
Mode 600 will deny /etc to everybody except root while it will change
nothing for root. If you have any services on your system that run under
non-root UIDs, and that have config under /etc, you hose them with any
mode that removes the eXecute bit for "others".
So it's not an exploit, it's a Denial of Service. Which I believe *is*
security related...
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me |
Reply to: