Bug#536760: debsecan shouldn't need to be root to work

2016-11-14 Thread Michael Stapelberg
Hi Arne,

Arne Wichmann writes:
> Specifically the configuration file and whitelist file should default to a
> user-accessible place.
>
> Reasoning: debsecan does not need to be run as root for any of its
> functionality, so it should not be run as root.

I agree that debsecan should not be run as root, but I fail to see how
that can be automatically set up in such a way that users can access the
configuration file and whitelist:

Assume we make the config+whitelist world-writeable. This poses a
security threat, because any user on your system may now modify what the
sysadmin sees in the report (and thereby hide vulnerabilities).

Assume we introduce a new user account (e.g. “debsecan”) owning the
config+whitelist. Now your user (e.g. “aw”) doesn’t have permission to
edit the config+whitelist.

Can you elaborate on what you had in mind please?

-- 
Best regards,
Michael
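
As an added illustration of the permission concern raised in the reply above (not part of the original thread and not debsecan code): a check that a config or whitelist file, and the directory holding it, cannot be modified by untrusted local users. The function name, the trusted-UID default and the temporary sample file are assumptions made for this example.

```python
import os
import stat
import tempfile


def tamper_findings(path, trusted_uids=None):
    """Return reasons why `path` could be altered by an untrusted local user."""
    if trusted_uids is None:
        # Assumption: root and the invoking user are the only trusted owners.
        trusted_uids = {0, os.geteuid()}
    findings = []
    # Write access to the directory lets a user replace the file even when
    # the file itself is read-only, so both are inspected.
    directory = os.path.dirname(os.path.abspath(path))
    for target in (path, directory):
        st = os.lstat(target)
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{target}: symlink, target not checked")
            continue
        if st.st_uid not in trusted_uids:
            findings.append(f"{target}: owned by untrusted uid {st.st_uid}")
        # In a sticky directory only the owner of an entry may rename or
        # delete it, so write bits there do not allow replacing the file.
        if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append(f"{target}: world-writable")
        if st.st_mode & stat.S_IWGRP:
            findings.append(f"{target}: group-writable")
    return findings


def demo():
    """Run the check on a constructed whitelist file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        whitelist = os.path.join(d, "whitelist")
        with open(whitelist, "w") as fh:
            fh.write("constructed placeholder entry\n")
        os.chmod(whitelist, 0o666)   # the world-writable case from the reply
        loose = tamper_findings(whitelist)
        os.chmod(whitelist, 0o644)   # only the owner may edit
        tight = tamper_findings(whitelist)
        os.chmod(d, 0o777)           # file is tight, directory is not
        dir_loose = tamper_findings(whitelist)
    return loose, tight, dir_loose


if __name__ == "__main__":
    print(demo())
```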



Bug#536760: debsecan shouldn't need to be root to work

2009-07-13 Thread Arne Wichmann
Package: debsecan
Version: 0.4.12
Severity: wishlist

Specifically the configuration file and whitelist file should default to a
user-accessible place.

Reasoning: debsecan does not need to be run as root for any of its
functionality, so it should not be run as root.

Keep up the good work,

AW
-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]         1.5.26     Debian configuration management sy
ii  python                        2.5.4-2    An interactive high-level object-o
ii  python-apt                    0.7.10.4   Python interface to libapt-pkg

Versions of packages debsecan recommends:
ii  cron                          3.0pl1-106 process scheduling daemon
ii  exim4                         4.69-11    metapackage to ease Exim MTA (v4)
ii  exim4-daemon-light [mail-tran 4.69-11    lightweight Exim MTA (v4) daemon

debsecan suggests no packages.

-- debconf information excluded


