[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security of CFINPUTS
|
From: |
Ted Zlatanov |
|
Subject: |
Re: Security of CFINPUTS |
|
Date: |
15 May 2001 12:11:09 -0400 |
|
User-agent: |
Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.100 |
address@hidden writes:
> It's not the name of the directory that's important, but whether
> automatically looking for files in a possibly untrusted location
> might be dangerous somehow. Cfengine attempts to secure the area
> before using anything, but is there something I have not considered?
A malicious attacker might be able to switch configuration files while
cfengine is running - do they ever get loaded during a run, or are
they always pre-loaded? I can imagine some nasty attacks with pipe
files, for instance.
I like sudo's approach - it will not run if the sudoers file does not
have the exactly right permissions (440, root/root, IIRC), and is not
a plain file.
In addition, it might be a good idea to sign configuration files with
some sort of public key encryption scheme. Then, cfengine can trust
everything in the default directory (or directories) as long as it's
signed by the same person who compiled the package.
Ted