On Tuesday 17 August 2010 at 21:25:30 (+0200), Christoph Anton Mitterer wrote:
> Date: Tue, 17 Aug 2010 21:25:30 +0200
> From: Christoph Anton Mitterer <cales...@scientia.net>
> To: 593...@bugs.debian.org
> Subject: Bug#593120: /var/lib/rkhunter/tmp/ should not be group readable
> Reply-To: Christoph Anton Mitterer <cales...@scientia.net>,
>  593...@bugs.debian.org
>
> On Tue, 2010-08-17 at 15:06 +0200, Julien Valroff wrote:
> > > As already suggested by the rkhunter documentation, the tmp-dir
> > > /var/lib/rkhunter/tmp/ should have tight permissions.
> > The tmp directory keeps the default rights defined by upstream.
> Then we should perhaps try to get this done upstream (too)?!

They are reluctant to change this. As far as I remember from a previous
discussion, the current permissions were set after a real conscious decision.

> > > group-rights should be removed even for the root group IMO.
> > > As sysadmins may have deliberately removed this for some files copied
> > > there.
> >
> > You are right, though I would then better check that the files are copied to this
> > directory using either 'cp -p' or 'cp -a', what do you think?
> >
> > This is already the case for the passwd and group files which are dealt with in
> > the postinst script.
>
> Well I'd use -a,...

Well, upstream uses -p but that's enough for your concern, am I right?

> but nevertheless change the rights of the dir
> itself.... why having something more open than needed?

Security through obscurity? ;)

I am really not against this, but I do not see what it would bring.
I am also reluctant to add such specific patches which upstream would never
merge.

Cheers,
Julien

--
Julien Valroff <jul...@kirya.net>
http://www.kirya.net
GPG key: 4096R/290D20C5
092F 4CB5 5F19 E006 1CFD B489 D32B 8D66 290D 20C5
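
The two mechanisms discussed in this message, shown as an added example that is not part of the original e-mail or of the rkhunter packaging: `cp -p` resets the mode of a copy that already exists while plain `cp` leaves it alone, and neither changes what the directory's own mode exposes. The sandbox paths and the sample file are constructed, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example; runs in a throwaway sandbox, never touches /var/lib/rkhunter.
# Assumes GNU coreutils (stat -c).

# Succeeds if the path grants any permission bit to group or other.
open_to_group_or_other() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Prints "<mode> <name>" for the directory and every entry in it that is
# accessible to anyone other than the owner.
audit_tmpdir() {
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue
        if open_to_group_or_other "$p"; then
            printf '%s %s\n' "$(stat -c '%a' "$p")" "${p##*/}"
        fi
    done
}

run_demo() {
    sandbox=$(mktemp -d) || return 1
    tmpdir="$sandbox/tmp"              # stand-in for /var/lib/rkhunter/tmp
    src="$sandbox/passwd.sample"       # constructed file the admin tightened
    mkdir "$tmpdir" && chmod 750 "$tmpdir"
    printf 'constructed:x:1000:1000::/nonexistent:/bin/false\n' > "$src"
    chmod 600 "$src"

    # Stale copies left from an earlier run, when the source was still 0644.
    for name in plain preserved; do
        : > "$tmpdir/$name" && chmod 644 "$tmpdir/$name"
    done

    cp    "$src" "$tmpdir/plain"       # existing destination keeps its 0644
    cp -p "$src" "$tmpdir/preserved"   # mode reset to the source's 0600

    audit_tmpdir "$tmpdir"
    rm -rf "$sandbox"
}

run_demo
```

The audit reports the directory itself (750) and the plain copy (644); the `cp -p` copy is absent because it took the source's 0600.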