[systemd-devel] audit paranoia breaks tests
Simon McVittie
simon.mcvittie at collabora.co.uk
Fri May 3 06:00:42 PDT 2013
On 03/05/13 13:16, Lennart Poettering wrote:
> On Fri, 03.05.13 04:51, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
>> Hm, one of our tests fails because /usr/lib/systemd/system/auditd.service
>> is -rw-r-----. That's crazy. Do we fight it, or work around it?
>
> I'd say fight it. After all this is just annoying and little else since
> the parsed information is publicly accessible anyway on the bus.
See also Debian Policy, which basically says that files should be 0644
or 0755 unless there's a good reason, and points out another reason why
there's no point in making packaged non-configuration files unreadable:

    Setuid and setgid executables should be mode 4755 or 2755
    respectively, and owned by the appropriate user or group. They
    should not be made unreadable (modes like 4711 or 2711 or even
    4111); doing so achieves no extra security, because anyone can find
    the binary in the freely available Debian package; it is merely
    inconvenient. For the same reason you should not restrict read or
    execute permissions on non-set-id executables.

<http://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners>

> I figure we should try to get the fedora packaging guidelines updated to
> say that root:root 664 is the right access mode
Out of interest, why not 0644? Then members of group root (if there are
any) wouldn't be able to escalate to uid root by altering system services.
(If group root is root-equivalent on Fedora anyway, then there's no
practical difference, of course.)
S
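
An audit for the two modes discussed in this thread (0640, which hides nothing that is not already in the package, and 0664, which lets group members rewrite a service that runs as root), as an added example that is not part of the original message. It assumes GNU find and stat; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag packaged unit files whose mode deviates from 0644
# in one of the two ways discussed in the thread. Assumes GNU find/stat.

# audit_unit_modes DIR
# Prints one line per offending regular file under DIR:
#   UNREADABLE <mode> <owner:group> <path>  r missing for group or other (e.g. 0640)
#   WRITABLE   <mode> <owner:group> <path>  w set for group or other (e.g. 0664)
audit_unit_modes() {
    dir=$1
    # "! -perm -044": not all of g+r,o+r are set. The file contents ship
    # in the public package, so this only inconveniences readers and tests.
    find "$dir" -type f ! -perm -044 \
        -exec stat -c 'UNREADABLE %a %U:%G %n' {} +
    # "-perm /022": any of g+w,o+w is set. A member of the owning group
    # could alter a unit that systemd starts as root.
    find "$dir" -type f -perm /022 \
        -exec stat -c 'WRITABLE %a %U:%G %n' {} +
}

# make_sample_tree: build a constructed directory with one file per case
# and print its path. The file names are sample data, not real units.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for f in auditd.service groupw.service ok.service; do
        printf '[Unit]\nDescription=constructed sample\n' > "$t/$f"
    done
    chmod 0640 "$t/auditd.service"   # the mode that broke the test
    chmod 0664 "$t/groupw.service"   # the mode questioned in the reply
    chmod 0644 "$t/ok.service"       # the mode Debian Policy recommends
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /usr/lib/systemd/system
if [ "$#" -gt 0 ]; then
    audit_unit_modes "$1"
fi
```
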