Re: [sOT] General security/permissions issues (long)

From: Radoslaw Stachowiak (radek@private)
Date: Mon Sep 02 2002 - 09:37:43 PDT


*** Michael Tokarev <mjt@private> [Monday, 26.August.2002, 22:08 +0400]:
> There is another directory, bases/, where all av bases
> (*.vdb files for drwebd - virus signatures) are kept.
> This directory should be readable by drwebd - obviously -
> so that daemon can read its data.  But it should NOT
> be *writable* by daemon: if by any chance an attacker
> will have control over drweb daemon (a complex piece
> of software, closed source, yadda-yadda), he should NOT
> be able to mess with those.  For now, directory bases/
> and all files within are owned by root:root.

Just my 0.02$

It looks to me that a mistake in the assumption made above has 'created' this
rather complicated problem, while in fact it does not exist :)

Why?

Because those files (bases/) are for drwebd. Assuming that someone has
control over drwebd means that he can do whatever he wants. Read: he can
disable AV checks regardless of whether the bases/ files are good or wrong.
In other words: after a drwebd compromise, the bases/ files have lost their
value, so protecting them makes no sense.

So all these solutions do not prevent the attacker from achieving his
objectives (after a successful drwebd compromise).

This is based on my assumption (maybe wrong?) that bases/ files are
only used for drwebd.

Anyway (maybe I'm wrong about something else), the solution with two separate
connections is what I like.

-- 
radoslaw.stachowiak.........................................http://alter.pl/


