
Re: F8 postmortem



Matt Domsch wrote:
> Permissions on dirs/files on the mirror should be revisited.
> All directories should be 0750 and files should be 0640 before the
> bitflip, to prevent leaks. vsftpd will serve a file with a known name
> and perms 0644 even if the directory or one above it is 0750.  Apache
> won't.  Let's be sure to use these permissions.

I disagree. This is typically a server setup issue, not a permission issue. If vsftpd serves such files, it means it has the right to access the directory (so it is run with the same UID as rsync or it is in the same group). If the files are group readable, then technically, vsftpd has the right to read them just like it has the right to access the directory path. Doing 0640 on files will block vsftpd access if and only if the admin has enabled anon_world_readable_only.

I would advocate for a release root-only bitflipped to get updates as simple as possible. As admins are usually asked to schedule an atjob to run an rsync/chmod at release date/time, KISS... ;-)

If you really want to avoid leaks, then perhaps you should test mirrors with a special directory to reproduce usual release rights and check from time to time if this directory's contents are unreadable.

François
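
A local audit for the permission policy discussed in this thread, as an added example that is not part of the original message or of any mirror tooling. It flags any directory with "other" bits set and any file with the world-readable bit, and marks the case where such a file is hidden only by a closed parent directory, which is the case the thread says vsftpd can still serve. The function names and the sample tree are hypothetical and constructed.

```python
import os
import stat
import tempfile

def audit_prerelease_tree(root):
    """Return sorted (relative_path, finding) pairs for a pre-bitflip tree.

    Policy from the thread: directories 0750, files 0640 (no 'other' bits).
    """
    root = os.path.abspath(root)
    findings = []
    closed = {}  # dirpath -> True if it or an ancestor inside root lacks o+x
    for dirpath, _dirnames, filenames in os.walk(root):
        dmode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        parent_closed = closed.get(os.path.dirname(dirpath), False)
        closed[dirpath] = parent_closed or not (dmode & stat.S_IXOTH)
        if dmode & stat.S_IRWXO:
            findings.append((os.path.relpath(dirpath, root), "dir-open-to-other"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Only regular files carrying the world-readable bit are findings.
            if not stat.S_ISREG(st.st_mode) or not (st.st_mode & stat.S_IROTH):
                continue
            # A closed directory stops a daemon running as 'other', but not one
            # that shares the mirror's UID or group and only checks the file bit.
            kind = ("file-world-readable-behind-closed-dir" if closed[dirpath]
                    else "file-world-readable")
            findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one correct file, one 0644 file, one 0755 directory."""
    root = tempfile.mkdtemp(prefix="prerelease-")
    os.mkdir(os.path.join(root, "os"))
    for rel, mode in (("ok.iso", 0o640), ("leak.iso", 0o644),
                      ("os/repodata.xml", 0o640)):
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "os"), 0o755)
    os.chmod(root, 0o750)
    return root

if __name__ == "__main__":
    for rel, finding in audit_prerelease_tree(build_sample_tree()):
        print(f"{finding:40s} {rel}")
```

The audit reads mode bits only, so its result does not depend on which user runs it.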

