help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of CFINPUTS


From: Julien Brouchier
Subject: Re: Security of CFINPUTS
Date: Tue, 15 May 2001 11:26:58 +0200

Mark.Burgess@iu.hio.no wrote:
> 
> I am planning to make a change in cfengine 2 whereby, if CFINPUTS
> is not set, cfengine will look for input files in /var/cfengine/inputs.
> (/var/run/cfengine is deprecated, since some OSes clear /var/run
> on reboot)

        I always thought that /var/SOMEPROGNAME is somewhat wrong, Why 
would'nt you use /var/lib/cfengine ?

> Since cfengine checks the permissions and ownership of files before
> accepting (and will additionally authenticate them cryptographically in
> future), this seems like a reasonable feature, which could simplify
> setup.

        Authenticate cryptographically against what ? what do you want to 
check (integrity of the file ? authenticity ?) where will the signature
or 
checksums be stored  ? i mean that crypto is a serious issue and usually
just
checking the permission will grant us enought security most of the times
:o)

> Does anyone have any arguments against this?

        No arguments against, just thoughts to get things going :o)

-- 
Julien Brouchier <julien.brouchier@gemplus.com>
Gemplus/Information Security Team
Phone +33.(0)4.42.36.42.50

When the only tool you have is a hammer, every problem starts to look
like a nail.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]