Heinrich Rebehn wrote:
Hi list,
I am getting a daily insecurity report from my system saying:
##########################################################
Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
etc/pf.conf:
type (file, link)
permissions (0600, 0755)
##########################################################
I do this in order to save different versions of the file.
My question: Is a symbolic link really insecure? Or is this just a
deficiency of /etc/security?
I could use hard links instead of soft links as a workaround, but then
one cannot as easily see where the link points to.
Sorry if this might sound like nitpicking, but I do not want to get used
to ignoring security warnings.
A good habit, I'd say.
Have a look at mtree(8), /etc/security and /etc/mtree/special. In the
latter, you should be able to set type=link for pf.conf. I cannot tell
if it has any obvious downsides, as long as you know what you're doing
and (maybe) not pointing it to /tmp/feedme or so.
/Alexander
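
A check that could accompany the type=link change suggested above, as an added example (not part of the original thread and not code from /etc/security): mtree does not follow symbolic links by default, so once the entry is a link it is the target that needs verifying. The function name, its parameters and the values in the usage comment are hypothetical, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: verify the file behind a config symlink such as /etc/pf.conf.
# check_link_target is a hypothetical helper, not part of /etc/security.
#
# Usage: check_link_target PATH ALLOWED_DIR OWNER MODE
#   e.g. check_link_target /etc/pf.conf /etc root 600   (illustrative values)
# Prints the first failed check and returns 1; returns 0 if all checks pass.
check_link_target() {
    path=$1 dir=$2 owner=$3 mode=$4

    # The path itself must be a symbolic link (matches type=link in the spec).
    [ -L "$path" ] || { echo "$path: not a symbolic link"; return 1; }

    # Resolve every link in the chain to the final physical path.
    real=$(readlink -f "$path") || { echo "$path: cannot resolve"; return 1; }

    # The target must exist and be a regular file, not a device, FIFO or dir.
    [ -f "$real" ] || { echo "$path -> $real: not a regular file"; return 1; }

    # The target must live under the allowed directory, so the link cannot
    # point into a world-writable location such as /tmp.
    realdir=$(CDPATH= cd "$dir" && pwd -P) || { echo "$dir: bad dir"; return 1; }
    case $real in
        "$realdir"/*) ;;
        *) echo "$path -> $real: outside $realdir"; return 1 ;;
    esac

    # find prints the path only if owner and exact permission bits match.
    if [ -z "$(find "$real" -prune -user "$owner" -perm "$mode")" ]; then
        echo "$path -> $real: owner/mode is not $owner/$mode"
        return 1
    fi
    return 0
}
```
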