[tex-live] updmap and /

Robin Fairbairns Robin.Fairbairns at cl.cam.ac.uk
Mon Mar 2 09:43:11 CET 2009


Heiko Oberdiek <oberdiek at uni-freiburg.de> wrote:

> On Mon, Mar 02, 2009 at 12:47:39AM +0100, Reinhard Kotucha wrote:
> 
> > On 1 March 2009 Heiko Oberdiek wrote:
> > 
> >  > On Sun, Mar 01, 2009 at 06:21:35PM +0100, Lars Madsen wrote:
> >  > 
> >  > > I'm trying to figure out why our system is set like this, not
> >  > > sure if it is our own installation script or if it is redhat.
> >  > 
> >  > Perhaps a "security feature", 
> > 
> > Please note the quotes. :)
> > 
> >  > it makes life for unauthorized access a little harder.
> > 
> > Maybe a little bit.  Only very few files have to be kept secret on a
> > typical UNIX system.
> 
> There are many files, private files, for example.

what is a "typical" unix system?  there aren't many files of mine that i
protect, but i wouldn't dream of generalising from my particular -- i
work in academia, and academia works through openness.

> > It doesn't make sense to be too paranoid.
> > 
> > Some time ago I did this (as root):
> > 
> >   chmod 700 /home/*
> > 
> > Looks reasonable at a first glance, right?  But it didn't work.
> > 
> > One of the reasons the most critical programs (Postfix, Apache,...)
> > are so secure is that these programs do most of their work as
> > unprivileged users rather than with root permissions.  
> > 
> > So, what's wrong with "chmod 700 /home/*"?
> 
> Nothing. ;-)
> 
> > If the /home/* directories are not executable by everyone, then Apache
> > is not able to access the /home/*/public_html files.
> 
> Not everyone does have something inside public_html.
> However, the others have to enable execute permission, e.g.
>   chmod 711 /home/user_with_public_html_files

indeed.  in a seriously secure setup, public files *have* to be stored
elsewhere.

> But making it readable for others means that they can easily look
> into the directory and perhaps can even read files that are meant
> to be private.
> 
> > It doesn't make sense to be too restrictive.  And paranoia is a
> > medical condition rather than an instrument to achieve security.
> 
> But you need paranoia for security, thus the art is finding
> the right balance depending on the circumstances.

the fact is, that linux (indeed, most unices) weren't designed with
security in mind.  trying to impose security by using the default unix
"file protection only" *inevitably* results in confusion, such as we're
seeing here.

as it happens, you stand a better chance with a widnoze system: since
nt4 (at least) windows has had an acl system that permits
fine-grained security.  acls are probably the way forward for unices,
too (now).

(and paranoia ... i've experience of that, and it's frightening to
observe.  but for all that, it's not a bad model for the way one needs
to think about security, at a global level.  paranoia doesn't help at
the micro-design level, though ... unless you have the tools available.
building a fence to protect something doesn't work, if you discover
you've driven a fence post through your own foot.)

i can imagine people protecting / in the fond hope that they were making
their system more secure.  i doubt it has the expected effect, and we
already have a hint that it has unexpected (and undesirable) effects.

robin

(whose first research project aimed to build hardware security.  in the 1970s.)
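Editor's note, added to this archived post and not part of the thread: the
chmod 700 / chmod 711 exchange above comes down to the two distinct bits a
directory carries for "others": x (search, i.e. traverse into a path
component you already know the name of) and r (list the names in it). The
model below implements the classic UNIX discretionary check that the
posters are reasoning about, and nothing more: uid 0 bypasses it, every
directory on the path needs x, the final object needs r, and listing needs
r on the directory itself. The filesystem, the uids (alice=1000, apache=48)
and the paths are constructed for the example; they are not from any real
system and the code is not taken from TeX Live, Apache or a kernel.

```python
"""Model of the classic UNIX permission walk (added example, not from the thread).

Rule modelled: to read /home/alice/public_html/index.html the caller needs
search (x) on "/", "/home", "/home/alice" and "/home/alice/public_html",
then read (r) on the file.  Listing a directory needs r on that directory.
uid 0 bypasses all of it.  ACLs and MAC are deliberately not modelled.
"""
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triple


@dataclass(frozen=True)
class Node:
    mode: int  # permission bits only, e.g. 0o711
    uid: int
    gid: int


@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset


def _class_bits(node: Node, user: User) -> int:
    """Pick the rwx triple that applies: owner, then group, otherwise other."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 0o7
    if node.gid in user.gids:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def permits(node: Node, user: User, want: int) -> bool:
    """True if the user holds every bit in `want` on this node."""
    if user.uid == 0:  # root bypasses DAC in classic UNIX
        return True
    return (_class_bits(node, user) & want) == want


def ancestors(path: str):
    """Yield every directory on the way to `path`, starting at "/"."""
    parts = [p for p in path.split("/") if p]
    yield "/"
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])


def can_read_file(fs: dict, path: str, user: User) -> bool:
    """x on each directory above the file, then r on the file itself."""
    if any(not permits(fs[d], user, X) for d in ancestors(path)):
        return False
    return permits(fs[path], user, R)


def can_list_dir(fs: dict, path: str, user: User) -> bool:
    """x on each directory above, then r on the directory being listed."""
    if any(not permits(fs[d], user, X) for d in ancestors(path)):
        return False
    return permits(fs[path], user, R)


# Constructed sample tree (hypothetical uids and paths, chosen for the example).
ALICE_UID, APACHE_UID = 1000, 48
INDEX = "/home/alice/public_html/index.html"
KEY = "/home/alice/.ssh/id_rsa"
APACHE = User(uid=APACHE_UID, gids=frozenset({APACHE_UID}))
ALICE = User(uid=ALICE_UID, gids=frozenset({ALICE_UID}))
ROOT = User(uid=0, gids=frozenset({0}))


def example_fs(home_mode: int) -> dict:
    """Build the tree with /home/alice set to `home_mode` (0o700, 0o711, 0o755)."""
    return {
        "/": Node(0o755, 0, 0),
        "/home": Node(0o755, 0, 0),
        "/home/alice": Node(home_mode, ALICE_UID, ALICE_UID),
        "/home/alice/public_html": Node(0o755, ALICE_UID, ALICE_UID),
        INDEX: Node(0o644, ALICE_UID, ALICE_UID),
        "/home/alice/.ssh": Node(0o700, ALICE_UID, ALICE_UID),
        KEY: Node(0o600, ALICE_UID, ALICE_UID),
    }


def summary(home_mode: int) -> dict:
    """What the apache user can do against /home/alice at a given mode."""
    fs = example_fs(home_mode)
    return {
        "serve_public_html": can_read_file(fs, INDEX, APACHE),
        "list_home_dir": can_list_dir(fs, "/home/alice", APACHE),
        "read_private_key": can_read_file(fs, KEY, APACHE),
    }


if __name__ == "__main__":
    for mode in (0o700, 0o711, 0o755):
        print(f"/home/alice mode {mode:o}: {summary(mode)}")
    # The "/" of the thread title: a non-world-searchable root breaks everything.
    fs = example_fs(0o711)
    fs["/"] = Node(0o750, 0, 0)
    print("root 0750, home 0711, apache reads index:", can_read_file(fs, INDEX, APACHE))
```

Running it shows the balance the posters are circling: 0700 hides the home
directory and also kills public_html; 0711 lets Apache reach a file whose
name it already knows (index.html) without letting others enumerate the
home directory; 0755 adds enumeration, which is exactly the "look into the
directory" concern. In all three cases the 0700 .ssh directory still blocks
the key, because every component on the path is checked, and the last case
shows why taking the x bit off "/" itself breaks access for every
unprivileged user at once.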
