Hylafax Mailing List Archives
Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice
* Charles Duffy <cduffy@xxxxxxxxxxx> [050829 11:11]:
> Per subject. Making the file user-readable only (and thus guaranteeing
> that it needs to be owned by the fax user) means that the fax user can
> also write to this file, and change its permissions (if it isn't already
> owner-writable).

Right - for hfaxd to be able to write it, it needs write permissions.

> From the perspective of minimizing the damage which can be done by a
> user who has broken into the fax account, this is a Bad Thing -- much
> better if the file were owned by root and readable by fax via group
> permissions. (There are lots of other cases as well where hylafax's
> permissions are other than ideal from this perspective, but this is the
> first one so far that's required a code patch to resolve).

Sure - but how can hfaxd write it if it isn't writable by the fax/uucp
user? We can make everything r-X------ (owner root) in
/var/spool/hylafax, but that wouldn't be very useful either. But it would
minimize the damage of someone being in as fax/uucp.

> Any chance of modifying or parameterizing this permission check upstream?

It's a trade-off. Currently, hfaxd enables ADMIN users to do
configuration things. And to do that, hfaxd needs write privileges to
the directories/files that these configurations reside in.

Not allowing ADMIN users to change hosts.hfaxd might be something you
want to suggest, but it would mean moving it from $SPOOL/etc (where
hfaxd needs write privileges), or doing something tricky with the
sticky bit on it.

Like Lee said, suggestions/patches welcome, but keep in mind that the
client-server protocol (and hfaxd) was designed to allow admin users to
change configuration of HylaFAX. This is something I think we need to
keep, but maybe a radical re-think of "admin levels" is something
someone wants to tackle.

a.
--
Aidan Van Dyk aidan@xxxxxxxx
Senior Software Developer +1 215 438-4638 x8103
iFAX Solutions, Inc. http://www.ifax.com/
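
Added example (not part of the original thread and not HylaFAX code): a small model of the Unix permission rules behind the trade-off discussed above, showing what the fax account can do to hosts.hfaxd under four layouts. The uid/gid values and layouts are constructed, and the sticky-directory layout is only one possible reading of the sticky-bit idea.

```python
import stat
from collections import namedtuple

# Constructed stat-like record; nothing here touches a real spool directory.
Node = namedtuple("Node", "uid gid mode")

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
WRITE = (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

def _perm(node, uid, gids, bits):
    """Unix permission check: exactly one class (owner, group, other) applies."""
    owner_bit, group_bit, other_bit = bits
    if node.uid == uid:
        return bool(node.mode & owner_bit)
    if node.gid in gids:
        return bool(node.mode & group_bit)
    return bool(node.mode & other_bit)

def exposure(file, directory, uid, gids):
    """What a non-root account (uid, gids) can do to `file` inside `directory`."""
    dir_writable = (_perm(directory, uid, gids, WRITE)
                    and _perm(directory, uid, gids, SEARCH))
    # Sticky directory: only the file owner or directory owner may unlink/rename.
    sticky_blocks = (bool(directory.mode & stat.S_ISVTX)
                     and uid not in (file.uid, directory.uid))
    result = {
        "read": _perm(file, uid, gids, READ),
        "write": _perm(file, uid, gids, WRITE),
        "chmod": file.uid == uid,                        # owner can always chmod
        "replace": dir_writable and not sticky_blocks,   # unlink, then recreate
    }
    result["tamper"] = result["write"] or result["chmod"] or result["replace"]
    return result

FAX_UID, FAX_GID = 10, 10  # hypothetical ids for the fax/uucp account
LAYOUTS = {  # constructed: (hosts.hfaxd, the directory that holds it)
    "fax 0600, fax dir": (Node(FAX_UID, FAX_GID, 0o600), Node(FAX_UID, FAX_GID, 0o755)),
    "fax 0400, fax dir": (Node(FAX_UID, FAX_GID, 0o400), Node(FAX_UID, FAX_GID, 0o755)),
    "root 0640, fax dir": (Node(0, FAX_GID, 0o640), Node(FAX_UID, FAX_GID, 0o755)),
    "root 0640, root sticky dir": (Node(0, FAX_GID, 0o640), Node(0, FAX_GID, 0o1775)),
}

def audit():
    return {name: exposure(f, d, FAX_UID, {FAX_GID}) for name, (f, d) in LAYOUTS.items()}

if __name__ == "__main__":
    for name, r in audit().items():
        print(f"{name:28} {r}")
```

Only the last layout leaves the file readable by fax but not tamperable, while the directory stays writable for other files.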