[hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice

To: hylafax-users@xxxxxxxxxxx
Subject: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice
From: Charles Duffy <cduffy@xxxxxxxxxxx>
Date: Mon, 29 Aug 2005 05:55:48 -0500

Per subject. Making the file user-readable only (and thus guaranteeing that it needs to be owned by the fax user) means that the fax user can also write to this file, and change its permissions (if it isn't already owner-writable).

From the perspective of minimizing the damage which can be done by a user who has broken into the fax account, this is a Bad Thing -- much better if the file were owned by root and readable by fax via group permissions. (There are lots of other cases as well where hylafax's permissions are other than ideal from this perspective, but this is the first one so far that's required a code patch to resolve).

Any chance of modifying or parameterizing this permission check upstream?


____________________ HylaFAX(tm) Users Mailing List _______________________
 To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
 *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*

Follow-Ups:
- Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice
  - From: Lee Howard
- Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice
  - From: Aidan Van Dyk

Prev by Date: Re: [hylafax-users] HylaFAX 4.2.1-23 and Fedora Core 3
Next by Date: [hylafax-users] Adding a new fax device without faxaddmodem
Previous by thread: [hylafax-users] client access permissions
Next by thread: Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services