Re: ipchains: /proc/net/ip_fw* permission change

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Mon, 18 Jan 1999 15:42:09 +1130


In message <m101yue-0007U1C@the-village.bc.nu> you write:
> > such a discussion would have happened, or is there an obvious reason why
> > people shouldn't be allowed to see how many packets have been processed
> > by ipchains?
>
> For accounting only minor ones, for firewalling serious ones.

I got overridden on this one. As pointed out, it was that way all
through 2.0; changing the permissions to root-readable only is of such
marginal benifit that I would not have done it in a freeze. Given
that monitoring programs now need to run as root, the net result is
probably no change in security.

Rusty.

--
 .sig lost in the mail.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/