DSL Ideas and Suggestions :: Permissions on backup/restore password file
Since passwords can now be set for root and the user 'dsl', I wondered if it would be consistent to restrict perms on /etc/sysconfig/des to 600 in /etc/init.d/dsl-config before writing the backup/restore password there?
At present this file is world-readable.
For eg:
Code Sample
if checkbootparam "protect"; then getpasswd "encryption" touch /etc/sysconfig/des chmod 600 /etc/sysconfig/des echo "$PASSWD" > /etc/sysconfig/des fi
(Requires remastering of the iso to test).
If filetool.sh is still to be executable by user dsl, sudo will then need to be inserted before the 'cat /etc/sysconfig/des' lines in filetool.sh.
Code Sample
KEY=$(sudo cat /etc/sysconfig/des)
However, since filetool.sh never seems to be executed other than by root/sudo, all the 'sudo' commands might be safely removable from filetool.sh. In that case, the 'chown root $MOUNTPOINT/backup.des' in the hacked scripts I posted recently also can be removed.
original here.