World writable speakup files in Linux next

Samuel Thibault samuel.thibault at ens-lyon.org
Mon Dec 13 08:43:19 EST 2010


Kirk Reiser, le Mon 13 Dec 2010 08:36:58 -0500, a écrit :
> I have never seen anything even
> close to the type of condition we are hypothetically discussing.

You mean, somebody with bad enough intentions?

> I work for a very large university.  My question of curiosity is
> simply to determine why this is a possible concern in a very unlikely
> event.

Security is about unlikely events.

> If something is a security risk then we need to determine what it is
> and how to fix the problem rather than having security through
> obscurity.

We're not talking about obscurity, we're talking about restricting which
users are able to write to these files.

> BTW, I aggree with Chris that the best solution from my
> perspective is to set-up a speakup group and use group writable bits.

Sure.

> I really don't think that is any less of a security risk however.

Anything that can let a user change root's view of what is happening on
a system can really be frowned upon.

Samuel



More information about the Speakup mailing list