HylaFAX The world's most advanced open source fax server


Re: [hylafax-users] Requiring hosts.hfaxd to be 0600 is bad practice



* Charles Duffy <cduffy@xxxxxxxxxxx> [050829 11:11]:
> Per subject. Making the file user-readable only (and thus guaranteeing 
> that it needs to be owned by the fax user) means that the fax user can 
> also write to this file, and change its permissions (if it isn't already 
> owner-writable).

Right - for hfaxd to be able to write it, it needs write permissions.

> From the perspective of minimizing the damage which can be done by a 
> user who has broken into the fax account, this is a Bad Thing -- much 
> better if the file were owned by root and readable by fax via group 
> permissions. (There are lots of other cases as well where hylafax's 
> permissions are other than ideal from this perspective, but this is the 
> first one so far that's required a code patch to resolve).

Sure - but how can hfaxd write it if it isn't writable by the fax/uucp
user?  We can make everything r-X------ (owner root) in
/var/spool/hylafax, but that wouldn't be very useful either.  But it would
minimize the damage of someone being in as fax/uucp.

> Any chance of modifying or parameterizing this permission check upstream?

It's a trade-off.  Currently, hfaxd enables ADMIN users to do
configuration things.  And to do that, hfaxd needs write privileges to
the directories/files that these configurations reside in.

Not allowing ADMIN users to change hosts.hfaxd might be something you
want to suggest, but it would mean moving it from $SPOOL/etc (where
hfaxd needs write privileges), or doing something tricky with the
sticky bit on it.

Like Lee said, suggestions/patches welcome, but keep in mind that the
client-server protocol (and hfaxd) was designed to allow admin users to
change configuration of HylaFAX.  This is something I think we need to
keep, but maybe a radical re-think of "admin levels" is something
someone wants to tackle.

a.

-- 
Aidan Van Dyk                                             aidan@xxxxxxxx
Senior Software Developer                          +1 215 438-4638 x8103
iFAX Solutions, Inc.                                http://www.ifax.com/
