
Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice



Charles Duffy wrote:

> Per subject. Making the file user-readable only (and thus guaranteeing that it needs to be owned by the fax user) means that the fax user can also write to this file, and change its permissions (if it isn't already owner-writable).
>
> From the perspective of minimizing the damage which can be done by a user who has broken into the fax account, this is a Bad Thing -- much better if the file were owned by root and readable by fax via group permissions. (There are lots of other cases as well where hylafax's permissions are other than ideal from this perspective, but this is the first one so far that's required a code patch to resolve).
>
> Any chance of modifying or parameterizing this permission check upstream?


Feel free to file a bug report on Bugzilla and attach your suggested patch.

Thanks,

Lee.
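
The ownership scheme proposed in the quoted message, set beside the 0600 requirement from the subject line, as an added example that is not part of this thread and not HylaFAX's own code. The function names and the caller-supplied fax group id are assumptions made for illustration; the strict check is modelled on the subject's description only.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Strict policy as the thread's subject describes it: mode exactly 0600.
 * Modelled on that description, not copied from HylaFAX. */
bool strict_0600_ok(mode_t mode)
{
    return S_ISREG(mode) && (mode & 07777) == 0600;
}

/* Hypothetical relaxed policy: root owns the file, the fax group may read it,
 * and nobody but root may write it or change its mode. */
bool root_owned_ok(mode_t mode, uid_t uid, gid_t gid, gid_t fax_gid)
{
    mode_t perms = mode & 07777;

    if (!S_ISREG(mode))
        return false;
    if (uid != 0)                   /* a non-root owner can chmod the file */
        return false;
    if (gid != fax_gid)             /* group read must reach only the fax group */
        return false;
    if (perms & ~(mode_t)(S_IRUSR | S_IWUSR | S_IRGRP))
        return false;               /* no group write, nothing for other, no exec/setid */
    return (perms & S_IRGRP) != 0;  /* the fax account must still be able to read it */
}

/* Usage: ./check <path> <fax-gid>   (both arguments are supplied by the caller) */
int main(int argc, char **argv)
{
    struct stat st;

    if (argc != 3 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <path> <fax-gid>\n", argc ? argv[0] : "check");
        return 2;
    }
    gid_t fax_gid = (gid_t)strtoul(argv[2], NULL, 10);
    printf("strict 0600: %s\n", strict_0600_ok(st.st_mode) ? "ok" : "rejected");
    printf("root-owned, group-readable: %s\n",
           root_owned_ok(st.st_mode, st.st_uid, st.st_gid, fax_gid) ? "ok" : "rejected");
    return 0;
}
```

A root-owned file with mode 0640 and the fax group passes the relaxed check and fails the strict one, while a fax-owned 0600 file does the reverse.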

