Mantis Bug Tracker

ID: 0000087
Project: Openlink
Category:
View Status: public
Date Submitted: 2007-01-20 16:37
Last Update: 2008-12-27 01:10
Reporter: armstation
Assigned To: jonli447
Priority: normal
Severity: minor
Reproducibility: always
Status: confirmed
Resolution: open
Platform:
OS:
OS Version:
Summary: 0000087: /etc/profile permissions
Description:
On the default LinkStation image, /etc/profile is not executable by regular users. When logging in using a non-root account an error occurs when trying to source the system profile.

example:
su - postgres
sh: /etc/profile: Permission denied
Additional Information:
/etc/profile default permissions:
-rwx---- 1 root root /etc/profile

Should be something like:
-rwxr-xr-x 1 root root /etc/profile
Tags: No tags attached.
Openlink Platform: GL (arm9)
-  Notes
(0000014)
jonli447 (developer)
2007-01-26 02:41

Why do non-root accounts need to access /etc/profile? The box should be restrictive because it may be used to offer services to the open internet. Allowing all accounts to access /etc/profile may pose a security issue.

Please let us know the reasons why you believe /etc/profile should be world readable.

Thx.
(0000016)
armstation (reporter)
2007-01-27 12:19

I should have explained this better.

The default LinkStation image only allows read-execute (and write) to the root user (mode 700).

In addition to those permissions, there should be just read access allowed for other users (mode 644).

This is important when additional users need to be added. For instance, if you create a database user and use that account to set up a database, this user will not be able to source /etc/profile. Only root should be able to write to /etc/profile, but all users should be able to read it.

I don't see any security issue as long as it is just read-only, not write access.

Consider the default Ubuntu /etc/profile permissions (644):
-rw-r--r-- 1 root root 369 2006-10-25 08:26 /etc/profile
(0000027)
jonli447 (developer)
2007-02-17 00:46

Changes will be implemented in the next release.
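
An added example, not part of the original issue thread: a POSIX shell check for the two conditions debated in the notes above, that a login profile is readable by other users and writable only by its owner. It assumes GNU `stat`; the function names and the 666 sample mode are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread): audit a login profile's mode.

# classify_mode MODE: print a verdict for an octal mode such as 700 or 0644.
classify_mode() {
    m="000$1"                      # pad so short modes like "0" still parse
    perms=${m#"${m%???}"}          # last three octal digits: owner/group/other
    g=${perms#?}; g=${g%?}         # group digit
    o=${perms#??}                  # other digit
    # Bit 2 is write: a non-owner who can write the file controls every login shell.
    if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
        echo "writable-by-non-owner"
    # Bit 4 is read: sourcing a profile needs read access, not execute.
    elif [ $((o & 4)) -eq 0 ]; then
        echo "unreadable-by-others"
    else
        echo "ok"
    fi
}

# audit_profile PATH [UID]: check a real file; the owner must be UID (default 0, root).
# Assumes GNU stat (-c); returns 2 if the file cannot be examined.
audit_profile() {
    info=$(stat -c '%a %u' "$1") || return 2
    fmode=${info% *}
    fuid=${info#* }
    if [ "$fuid" != "${2:-0}" ]; then
        echo "wrong-owner"
    else
        classify_mode "$fmode"
    fi
}

# Modes from the issue (700 default, 755 and 644 proposed) plus a constructed bad one.
for sample in 700 755 644 666; do
    printf '%s -> %s\n' "$sample" "$(classify_mode "$sample")"
done
```

On a device, `audit_profile /etc/profile` reports `unreadable-by-others` for the root-owned mode 700 default described in the issue.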

- Issue History
Date Modified Username Field Change
2007-01-20 16:37 armstation New Issue
2007-01-26 02:41 jonli447 Note Added: 0000014
2007-01-26 02:41 jonli447 Assigned To => jonli447
2007-01-26 02:41 jonli447 Status new => feedback
2007-01-27 12:19 armstation Note Added: 0000016
2007-02-12 17:00 jonli447 Status feedback => acknowledged
2007-02-17 00:46 jonli447 Note Added: 0000027
2007-02-17 00:46 jonli447 Status acknowledged => confirmed
2007-08-08 16:10 Uzume Note Added: 0000056
2007-08-08 16:10 Uzume Note Deleted: 0000056
2008-12-27 01:08 sungod Openlink Platform => GL (arm9)
2008-12-27 01:10 sungod Project @25@ => Openlink

