From Fedora Project Wiki

Latest revision as of 17:18, 18 June 2015

Have secure by default permissions for configuration and log files

Proposed change

All configuration files (e.g. files in /etc/) and all log files (e.g. files in /var/log/) must not be world-readable unless there is a functional reason for them to be. By default, configuration files should be chmod 0600 or 0640 and log files should be chmod 0600. This is due to the continuing number of security issues caused by world-readable files that contain sensitive information (e.g. passwords and access tokens, or logged usernames and commands).

Rationale

Lax permissions on configuration and log files have resulted in a number of security issues exploitable by local users. E.g.:

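CVEs for configuration file permissions: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=configuration+file+permissions

CVEs for log file permissions: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=log+file+permissions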

Please note that the above lists are by no means a complete listing of the security flaws that have resulted from lax permissions.
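
One way to check a tree against the defaults proposed above, as an added example that is not part of the original guideline draft. The function names, the WORLD-READABLE / NON-DEFAULT labels and the sample tree are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a directory tree against the defaults proposed above.
# Function names, labels and the sample tree are this example's own.

# audit_perms KIND DIR   KIND is "config" (0600 or 0640) or "log" (0600).
# Prints one line per finding; returns 1 if any file is world-readable.
audit_perms() {
    kind=$1; dir=$2
    case $kind in
        config|log) ;;
        *) echo "usage: audit_perms config|log DIR" >&2; return 2 ;;
    esac
    # Hard rule: no regular file may be readable by "other".
    world=$(find "$dir" -type f -perm -004 -exec printf 'WORLD-READABLE %s\n' {} +)
    # Softer check: not world-readable, but not a proposed default mode either.
    if [ "$kind" = config ]; then
        odd=$(find "$dir" -type f ! -perm -004 ! -perm 600 ! -perm 640 \
              -exec printf 'NON-DEFAULT %s\n' {} +)
    else
        odd=$(find "$dir" -type f ! -perm -004 ! -perm 600 \
              -exec printf 'NON-DEFAULT %s\n' {} +)
    fi
    if [ -n "$world" ]; then printf '%s\n' "$world"; fi
    if [ -n "$odd" ]; then printf '%s\n' "$odd"; fi
    [ -z "$world" ]
}

# Constructed sample tree (not real system files) for trying the audit offline.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/log"
    for spec in etc/app.conf:644 etc/secret.conf:600 etc/group.conf:640 \
                etc/odd.conf:660 log/app.log:640 log/ok.log:600; do
        : > "$root/${spec%%:*}"
        chmod "${spec##*:}" "$root/${spec%%:*}"
    done
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
audit_perms config "$tree/etc" || echo "config tree: world-readable files found"
audit_perms log "$tree/log" || echo "log tree: world-readable files found"
rm -rf "$tree"
```

Run against a real /etc, the WORLD-READABLE lines are a review list rather than a list of bugs, since the proposal allows world-readable files where there is a functional reason.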