Subject: Re: /etc/ipsec.conf permissions
To: Curt Sampson <>
From: None <>
List: tech-security
Date: 04/15/2003 19:27:19
>> >I'm not sure if racoon.conf should be "mode=0644", or "mode=0600 tags=nodiff"
>> 	i guess 644 is ok.
>Could racoon be set up in a weak manner, such that knowing how it was
>improperly set help an attacker? If so, perhaps we should not expose
>this information, to make the attack a bit harder.

	the only "weak manner" config i can think of (in racoon.conf) is the
	use of aggressive mode.  no big deal.