List:       kde
Subject:    Re: kscd, CDDB, and krabber security
From:       Adolf Koenig <rzuw001 () rz ! uni-wuerzburg ! de>
Date:       1999-07-29 7:53:20

Cris Wade wrote:
>         ...  ok, here
> is the problem.  When I went to /opt/kde/share/apps/kscd/cddb all the
> directories were set with 777 (drwxrwxrws) permission, and all the files in
> those directories were given 666 (-rw-rw-rw) permission.  To me, this sounds
> unsafe.

It is unsafe indeed, if you are not the only user on your box.
 
> My solution was to set the sticky bit (+t) on all of the
> directories in /opt/kde/share/apps/kscd/cddb (rock, jazz, etc), this way,
> all a user could do is to delete their own CDDB records, but no one else's.
> 
> Now my question is this.  Will this cause any problems for any other
> programs that you know of?

Probably not. The only consequence is, as you've seen already, that
a user (except root) can only delete his own files. No reasonable software
will depend on deleting other users' files.
You could as well remove most of the write permissions for world, except
perhaps logfiles etc.

> Secondly, is this a problem with all KDE
> installs, or is it just a Slackware-specific problem?

Probably it's a problem caused by installing a tar-packed library. The tar-file
contains the permissions of the files and directories as they were at the moment of
generating the tar-file, and if you install it, you get them all. As I said, as long as
you are the only user, it doesn't really matter. If you want to check the permissions
before installing a tar-archive, you could take a look at the output of
            tar -tvf tarfilename
            
Greetings

A.Koenig
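
The permission check suggested in the message above, automated as an added example (not part of the original message or of KDE): it reads the modes stored in a tar archive and reports world-writable files and world-writable directories that lack the sticky bit. The function names and the sample archive contents are assumptions made up for illustration.

```python
import io
import stat
import tarfile


def world_writable_entries(archive):
    """Return (name, mode_string, reason) for entries any local user could modify."""
    findings = []
    for member in archive.getmembers():
        if member.issym() or member.islnk():
            continue  # permission bits stored for links are not meaningful
        if not member.mode & stat.S_IWOTH:
            continue  # "other" has no write bit
        # Rebuild the ls-style mode string that `tar -tvf` would print.
        type_bits = stat.S_IFDIR if member.isdir() else stat.S_IFREG
        mode_string = stat.filemode(type_bits | member.mode)
        if member.isdir():
            if member.mode & stat.S_ISVTX:
                continue  # sticky bit set: users can only delete their own files
            reason = "world-writable directory without sticky bit"
        else:
            reason = "world-writable file"  # sticky parent does not protect contents
        findings.append((member.name, mode_string, reason))
    return findings


def build_sample_archive():
    """Constructed sample: in-memory tar imitating a cddb-style directory layout."""
    entries = [
        ("cddb/rock", 0o777, True),          # like the directories in the report
        ("cddb/rock/abc123", 0o666, False),  # like the files in the report
        ("cddb/jazz", 0o1777, True),         # after chmod +t
        ("cddb/jazz/def456", 0o666, False),  # still writable by everyone
        ("cddb/README", 0o644, False),
    ]
    buffer = io.BytesIO()
    with tarfile.open(fileobj=buffer, mode="w") as archive:
        for name, mode, is_dir in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            archive.addfile(info)  # zero-length files are enough for a mode check
    buffer.seek(0)
    return tarfile.open(fileobj=buffer, mode="r")


if __name__ == "__main__":
    for name, mode_string, reason in world_writable_entries(build_sample_archive()):
        print(f"{mode_string}  {name}  ({reason})")
```

To check a real archive before unpacking it, pass `tarfile.open("tarfilename")` to `world_writable_entries` instead of the constructed sample.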
