On Wed, 17 Mar 2004 22:39, Martin Ebourne <lists@xxxxxxxxxxxxx> wrote:
> Russell Coker <russell@xxxxxxxxxxxx> wrote:
> > The problem is that famd is an application which accepts network
> > connections and wants read access to every file that any user can access.
> > If you want to have a secure system you don't want many such programs.
>
> Surely it doesn't need access to the file contents - just to stat them, so
> access to directories (still a security issue, I agree).

Giving access to file names is still a security issue. If it can run with only { getattr search } access to directories and getattr access to files then it won't be so bad. Of course being able to remotely monitor what files someone is writing to also provides some issues (and for some files the names are predictable).

> > Remote famd operation is only for non-polling notifications over the
> > network. For most people having polling for file status changes on NFS
> > will probably be OK.
>
> I agree with disabling remote famd, but the original post appeared to be
> disabling the daemon entirely, which I expect would prevent local file
> monitoring too. Or do gnome/kde use dnotify directly?

I don't think that the command Dan suggested would turn it off entirely. The libfam functionality linked into applications should still do everything you want locally.

> Also, I thought RH/Fedora already shipped with remote famd disabled.

Not last time I checked.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
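As an added illustration, not part of the message above or of any shipped policy, here is how the minimal access Russell describes would look as SELinux type enforcement rules, next to the broad rule the daemon would otherwise need. The domain name famd_t and the file type user_home_t are assumed for the example; substitute whatever the local policy uses.

```selinux
# Hypothetical type enforcement fragment (domain and type names are assumed).
# Broad rule: lets the daemon open and read every file a user can access.
# This is the access the thread is worried about for a network-facing daemon.
allow famd_t user_home_t:file { getattr open read };

# Minimal rule set: enough to walk directories and stat files for change
# notification, but no 'read' on files, so file contents stay out of reach.
# Directory and file names are still exposed, which is the residual issue
# the message points out.
allow famd_t user_home_t:dir  { getattr search };
allow famd_t user_home_t:file getattr;
```

With the minimal rules in place, an attempt by the daemon to read file contents shows up as an AVC denial in the audit log, which is the quickest way to confirm the confinement actually holds.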