WDef
Group: Members
Posts: 798
Joined: Sep. 2005 |
|
Posted: Sep. 19 2005,08:15 |
|
Since passwords can now be set for root and the user 'dsl', I wondered if it would be consistent to restrict perms on /etc/sysconfig/des to 600 in /etc/init.d/dsl-config before writing the backup/restore password there?
At present this file is world-readable.
For eg:
Code Sample | if checkbootparam "protect"; then getpasswd "encryption" touch /etc/sysconfig/des chmod 600 /etc/sysconfig/des echo "$PASSWD" > /etc/sysconfig/des fi |
(Requires remastering of the iso to test). If filetool.sh is still to be executable by user dsl, sudo will then need to be inserted before the 'cat /etc/sysconfig/des' lines in filetool.sh.
Code Sample | KEY=$(sudo cat /etc/sysconfig/des) |
However, since filetool.sh never seems to be executed other than by root/sudo, all the 'sudo' commands might be safely removable from filetool.sh. In that case, the 'chown root $MOUNTPOINT/backup.des' in the hacked scripts I posted recently also can be removed.
|