Subject: Re: /etc/ipsec.conf permissions
To: Curt Sampson <email@example.com>
From: None <firstname.lastname@example.org>
Date: 04/15/2003 19:27:19
>> >I'm not sure if racoon.conf should be "mode=0644", or "mode=0600 tags=nodiff"
>> i guess 644 is ok.
>Could racoon be set up in a weak manner, such that knowing how it was
>improperly set help an attacker? If so, perhaps we should not expose
>this information, to make the attack a bit harder.
the only "weak manner" config i can think of (in racoon.conf) is the
use of aggressive mode. no big deal.