tech-userlevel archive
Re: inetd(8): security considerations
On Mon, Jul 03, 2023 at 08:36:23AM -0400, Mouse wrote:
> > There is one more thing I'd be inclined to add: when _serving_ a
> > config as root[*], error if the configuration (including sourced
> > chunks) is writable by someone else than root.
>
> > What do you think?
>
> A reasonable thing if it's an overridable default. An extremely
> annoying thing (albeit only occasionally) if it's non-overridable.
>
> Also, I'm not sure how I'd modify that if the UID it's serving as is
> someone other than root.
For the moment, I have written it as an error if in server mode
and if uid == root. For another user, the check is not done since
various combinations are possible and, for me, legitimate with no clear
pattern.

I can create a server flag '-s' for "strict" mode, enforcing the check,
and not set it by default.

YMMV. Since there is a checker mode, and there is no privilege needed
and no error (file(s) need only to be readable) when checking, I tend to
think that when writing or verifying, permissions can be whatever
so it is not hampering the work; but when installing the config for
serving it, putting the file only under root writability is a safety
precaution too (against one's own blunders).

There are pros and cons either way---meaning that, you are right, it has
to be configurable; remains the question of: what should be the default?
Strict or not?
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
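
A sketch of the check discussed in this message, as an added example that is neither inetd's code nor the change the poster describes. The function names and the way `-s` combines with the serving uid are assumptions.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical helper: does the permission check apply?
 * Checker mode never checks; server mode checks when serving as root,
 * or for any uid when strict is set (assumed meaning of '-s').
 */
int conf_must_check(int server_mode, uid_t serve_uid, int strict)
{
	if (!server_mode)
		return 0;
	return serve_uid == 0 || strict;
}

/*
 * Return 0 if only root can write the file, -1 otherwise.
 * A non-root owner fails even with mode 0444: the owner can chmod it.
 */
int conf_root_only_writable(const struct stat *st)
{
	if (st->st_uid != 0)
		return -1;
	if (st->st_mode & (S_IWGRP | S_IWOTH))
		return -1;
	return 0;
}

/*
 * Open the config file or one sourced chunk; call once per file.
 * fstat() on the descriptor checks the file that will be parsed,
 * not whatever the path names a moment later.
 * Returns the descriptor, or -1 on error or refused permissions.
 */
int conf_open(const char *path, int must_check)
{
	struct stat st;
	int fd = open(path, O_RDONLY);

	if (fd == -1)
		return -1;
	if (must_check &&
	    (fstat(fd, &st) == -1 || conf_root_only_writable(&st) == -1)) {
		close(fd);
		return -1;
	}
	return fd;
}
```

The file's own mode and owner are all this looks at; a directory on the path that is writable by another user still allows the file to be replaced.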