https://fedorahosted.org/fpc/ticket/543

Have secure by default permissions for configuration and log files

Proposed change

All configuration files (e.g. files in /etc/) and all log files (e.g. files in /var/log/) must not be set world-readable unless there is a functional reason to do so. By default, configuration files should be chmod 600 or 0640 and log files should be chmod 0600.

This is due to a continuing number of security issues with world readable files that contain sensitive information (e.g. passwords and access tokens or logged usernames and commands for example).

Some examples:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=configuration+file+permissions
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=log+file+permissions

https://fedoraproject.org/wiki/Kurtseifried/secure_config_and_log_permissions

Thanks!

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@xxxxxxxxxx
-- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
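
An audit for the defaults proposed in the message above, as an added example that is not part of the original post or of any Fedora tooling. It assumes that any permission bit outside 0640 (configuration) or 0600 (logs) counts as a deviation to review; the names audit_tree and demo and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Defaults proposed in the message: config 0600 or 0640, logs 0600.
CONFIG_MAX = 0o640
LOG_MAX = 0o600


def audit_tree(root, max_mode):
    """Return sorted (path, mode, world_readable) for regular files under
    root that carry any permission bit outside max_mode (assumed policy)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~max_mode:
                findings.append((path, mode, bool(mode & stat.S_IROTH)))
    return sorted(findings)


def demo():
    """Audit a constructed etc/ and var/log/ tree in a temp directory."""
    samples = {  # constructed sample files and modes
        ("etc", "app.conf"): 0o644,      # world-readable config
        ("etc", "db.conf"): 0o640,       # within proposed default
        ("var/log", "app.log"): 0o644,   # world-readable log
        ("var/log", "auth.log"): 0o600,  # within proposed default
        ("var/log", "grp.log"): 0o640,   # group-readable log
    }
    with tempfile.TemporaryDirectory() as tmp:
        for (sub, name), mode in samples.items():
            os.makedirs(os.path.join(tmp, sub), exist_ok=True)
            path = os.path.join(tmp, sub, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # explicit chmod, independent of umask
        found = audit_tree(os.path.join(tmp, "etc"), CONFIG_MAX)
        found += audit_tree(os.path.join(tmp, "var/log"), LOG_MAX)
        return [(os.path.relpath(p, tmp), oct(m), w) for p, m, w in found]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Files reported with world_readable set are the case the proposal targets; a file with a functional reason to be readable would be recorded as an exception rather than changed.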