On Thursday 06 February 2003 11:14, jolan wrote:
> if you have users and a running http daemon with scripts capable of
> reading system wide files on your firewall, i think you have bigger
> problems to worry about.
I'm not talking only about a firewall setup.
Think of a classic webserver with Apache (no chroot) + PHP + MySQL.
> besides, if your ruleset is well written, what harm can seeing it do?
What if a local user who paid for an account can read your /etc/pf.conf,
which contains IP-based filtering?
If you know which IP root comes from, you can do nasty things.
> i have a good idea, how about an obfuscated pf.conf contest?
However, the fact is that I would like OpenBSD to be careful about details like
this.
If most roots/admins manually change this permission, why not make it the
default?
Ed