security issues

wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

security issues

Beitragvon wardenik » 30 Okt 2008, 15:48

hi,

one obvious thing that I have noticed...
files inside the depot on the shares (i.e. opt_pcbin\*\*) should not be writable
they should be denied either by smb.conf directive (easier) or by FS privileges on the opsi host (harder, because everytime you modify the script you would have to change the privileges and besides, reinstallation of the packages will not be possible).

so my advice is to set readonly = yes in smb.conf instead of writeable = yes

Benutzeravatar
d.oertel
uib-Team
Beiträge: 3269
Registriert: 04 Jun 2008, 14:27

Re: security issues

Beitragvon d.oertel » 30 Okt 2008, 16:02

Hi wardenik,

yes, we agree.

opsi until version 3.3 needed write access to this share.
We did a lot of changes and development to make it possible to use this share read only.
At the moment this should work (we hope) even it is not tested yet.

So if you try it, please tell us your experience.

regards

detlef oertel
opsi support - uib gmbh

For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org

wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

Re: security issues

Beitragvon wardenik » 10 Nov 2008, 16:35

No problems with the install pcbin share being set to readonly.