[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sudo from scripts



On 11/18/2008 09:59 PM, Nifty Fedora Mitch wrote:

Backing up those (system) files that a user can just read in the normal
set of events is not a security issue.   The serious risk is on the
restore side of things.   For example /etc/passwd needs to be +read
for the world by contrast /etc/shadow cannot be read.

Interpreted programs -- bash, perl, python must be +read! Note that the run time load/linker must read information from binary objects.
In fact it must do a bit of editing -- see also prelink.
It might be possible to add attributes to each section of an object
(see objdump) such that specific read write bits and security attributes exist and are enforced per section (I do not recommend such an RFE).
There may be an issue if software is purchased and unauthorized copies leave
the building but that is a different component of security.
Basically, I agree. Backing up as root is fine, as long as the backup procedure maintains the proper ownership and permissions. On home systems, I personally prefer to backup my home directory myself and manage my crontab, but that could be done just as easily by root.

--
Jerry Feldman <gaf blu org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846


Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]