Solaris 9

SteveK1979 · 07-10-2007, 06:40 PM

Hi,

This is probably opening up a whole can of worms about the permissions of a lot of files in /etc, but anyway...

Given what the /etc/system file is, and that according to the man page:

Code:

$ man -s 4 system
[...]
NOTES
     The /etc/system file is read only once, at boot time.

SunOS 5.9           Last change: 18 Feb 2003                    4

I was surprised to find the permissions on this file set as such:

Code:

$ ls -l /etc/system
-rw-r--r--   1 root     sys         2320 Jun 10 22:47 /etc/system

I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400. Is there any reason I can't chmod it 0400?

If it can be changed, does ASET pick this up?

Cheers,
Steve

jschiwal · 07-10-2007, 08:00 PM

Would some program possibly look for changes from defaults during startup?

They probably would use getconf instead unless changes made in the /etc/system file wouldn't be be reflected. That may not be the case.

jlliagre · 07-10-2007, 10:17 PM

Quote:

Originally Posted by SteveK1979

I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400.

I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.

SteveK1979 · 07-12-2007, 08:27 AM

Quote:

Originally Posted by jlliagre

I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.

I was just using the method of applying least privilege to the system. It does hold critical system information, and you can also consult this file to see if, for example, a non-executable stack is enabled on the system. But I guess it's not really a source of security information.

What programs would you expect to see querying this file?

Cheers,
Steve

jschiwal · 07-12-2007, 03:14 PM

You might try using the strings command and see if programs have the string "/etc/system" in them. Also use lsof to see if any program has the file open.

It might be the case that items that might be in the file would be available using one of the getconf commands, and only a poorly written program would access them. A config script on the system itself or maybe a ./configure script generated by autoconf might check for certain values. It could be that even if they do, they might be checking for changes that you haven't make, or just make a mistake guessing on default capabilities. Even such a system script will probably be run as root. I don't think changing the permissions would hurt anything. I don't know if any information in it wouldn't be available in another way, or be something that you really need to protect.