Re: Security of CFINPUTS
From: Julien Brouchier
Subject: Re: Security of CFINPUTS
Date: Tue, 15 May 2001 11:26:58 +0200
Mark.Burgess@iu.hio.no wrote:
>
> I am planning to make a change in cfengine 2 whereby, if CFINPUTS
> is not set, cfengine will look for input files in /var/cfengine/inputs.
> (/var/run/cfengine is deprecated, since some OSes clear /var/run
> on reboot)
I always thought that /var/SOMEPROGNAME is somewhat wrong. Why
wouldn't you use /var/lib/cfengine?
> Since cfengine checks the permissions and ownership of files before
> accepting (and will additionally authenticate them cryptographically in
> future), this seems like a reasonable feature, which could simplify
> setup.
Authenticate cryptographically against what? What do you want to
check (integrity of the file? authenticity?) Where will the signature
or checksums be stored? I mean that crypto is a serious issue and
usually just checking the permission will grant us enough security
most of the time :o)
> Does anyone have any arguments against this?
No arguments against, just thoughts to get things going :o)
--
Julien Brouchier <julien.brouchier@gemplus.com>
Gemplus/Information Security Team
Phone +33.(0)4.42.36.42.50
When the only tool you have is a hammer, every problem starts to look
like a nail.