WDef
Group: Members
Posts: 798
Joined: Sep. 2005 |
 |
Posted: Sep. 19 2005,08:15 |
 |
Since passwords can now be set for root and the user 'dsl', I wondered if it would be consistent to restrict
perms on /etc/sysconfig/des to 600 in /etc/init.d/dsl-config before writing the backup/restore
password there?
At present this file is world-readable.
For eg:
| Code Sample | if checkbootparam "protect"; then
getpasswd "encryption"
touch /etc/sysconfig/des
chmod 600 /etc/sysconfig/des
echo "$PASSWD" > /etc/sysconfig/des
fi |
(Requires remastering of the iso to test).
If filetool.sh is still to be executable by user dsl, sudo will then need to be inserted
before the 'cat /etc/sysconfig/des' lines in filetool.sh.
| Code Sample | | KEY=$(sudo cat /etc/sysconfig/des) |
However, since filetool.sh never seems to be executed other than by root/sudo, all the 'sudo' commands
might be safely removable from filetool.sh. In that case, the 'chown root $MOUNTPOINT/backup.des' in the hacked
scripts I posted recently also can be removed.
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
