Yuri Voinov
2008-Aug-10 17:48 UTC
[dtrace-discuss] Too loose permissions set when install DTraceToolkit
Hi, I suggest, the permissions for DTT is set too loose. User "100", group "others", 755 rights mask... On public productive servers it can be security issue. May be this is not bug, but I think, more better wiil be sometning like 750 with root owner and root group. Thanks. -- This message posted from opensolaris.org
Boyd Adamson
2008-Aug-11 03:47 UTC
[dtrace-discuss] Too loose permissions set when install DTraceToolkit
Yuri Voinov <yvoinov at gmail.com> writes:> Hi, I suggest, the permissions for DTT is set too loose. User "100", > group "others", 755 rights mask... On public productive servers it can > be security issue. > > May be this is not bug, but I think, more better wiil be sometning > like 750 with root owner and root group.You are aware that, even with permission to read the scripts, non root users can''t use DTrace by default? I''m not arguing with your contention that they should be owned by root, I''ll leave others to express a view there. There are, however, likely to be cases where non-root users are given DTrace privileges and should be able to run the scripts. After all, if they have the process privileges to run DTrace there''s nothing to stop them installing their own copy of the scripts and running then. IMHO, Privileges are the place to restrict access to DTrace, not script permissions. Boyd