Subject: Re: permissions & rc.conf
To: None <netbsd-users@netbsd.org>
From: Jan Danielsson <jan.danielsson@gmail.com>
List: netbsd-users
Date: 08/23/2005 20:37:08

Steven M. Bellovin wrote:
>>  On a more security related note: Why is it that most files in /etc
>>are readable by everyone by default? Files like rc.conf are only of
>>interest to init/root, right? If so, why aren't they more restricted by
>>default?
> 
> Why shouldn't they be readable by default?  What is the threat you're 
> trying to defend against?

   I guess you could say I like the "least access" philosophy. If you
have no reason to meddle in X, then there's no reason for you to even
have access to X. It's like protected and private members in C++. If the
application shouldn't meddle with them, why even allow it to call them?
This is also the basis for all sane security thinking, imho: Allow only
what is essential, and prohibit the rest.

> Make something read-protected if there's a problem, either because the 
> data is inherently secret (i.e., keying material) or because you're 
> trying to conceal something about local security policy that isn't 
> readily discernible by other means.  Very little, if anything, in 
> rc.conf fits that description.

   My university network requires a login/logout via https. To get
around this annoyance, I have written a login script which handles
everything automatically during boot and shutdown. I have created a
/etc/rc.d/unilogin which handles the login/logout. In rc.conf I have:

unilogin=YES
unilogin_flags="--user=<userid> --pass=<pass>"

Notice the "--pass=" parameter; that's what I want to hide.


   In fact, if /etc/rc.conf is readable by everyone, it's like saying:
Don't put important login information here. But what if I *need* to
place important login information there? IMHO, there should be some
clear way to do this. I was given a tip which suits me just fine, but
unless it breaks anything, I see no reason why more files in /etc
shouldn't be made non-readable by 'everyone'. It's basic security
thinking, imho.

   As I have stated earlier, I'm a NetBSD newbie, so I apologize if I'm
suggesting something that would break normal operations.

-- 
Kind Regards,
Jan Danielsson
Te audire no possum. Musa sapientum fixa est in aure.
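
A check for the situation described in this message, as an added example that is not part of the original post or of NetBSD: it reports rc.conf-style variables that carry a credential-like option (such as `--pass=`) in a file whose mode lets "other" users read it. The function names, the list of option names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report rc.conf-style variables that carry a credential-like
# option (such as --pass=) in a file whose mode lets "other" users read it.

# True if the "other" read bit is set on the file (mode bits only).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Print the names of variables whose value contains a credential-like option.
# The option names matched here are an assumption; extend the list as needed.
secret_vars() {
    awk '/^[ \t]*[A-Za-z_][A-Za-z0-9_]*=.*--(pass|password|passwd|secret|token)[= ]/ {
        sub(/^[ \t]*/, ""); sub(/=.*/, ""); print
    }' "$1"
}

# Print one EXPOSED line per finding; return 1 if anything was found.
audit_rc_file() {
    file=$1
    names=$(secret_vars "$file")
    if [ -n "$names" ] && world_readable "$file"; then
        for name in $names; do
            echo "EXPOSED $file: $name"
        done
        return 1
    fi
    return 0
}

# Demo on a constructed file (not a real rc.conf; the password is a placeholder).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rc.conf" <<'EOF'
sshd=YES
unilogin=YES
unilogin_flags="--user=alice --pass=EXAMPLE-ONLY"
EOF
    chmod 644 "$tmp/rc.conf"
    audit_rc_file "$tmp/rc.conf" || echo "-> finding with mode 644"
    chmod 600 "$tmp/rc.conf"
    audit_rc_file "$tmp/rc.conf" && echo "-> clean with mode 600"
    rm -rf "$tmp"
}
demo
```

The check looks only at the file's own mode bits; it does not account for directory permissions or for the flags being visible in the process list once the script runs.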
