- <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Security Considerations</title><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><meta name="keywords" content="Intellon, Atheros, Qualcomm, HomePlug, powerline, communications, INT6000, INT6300, INT6400, AR7400, AR7420"><link rel="home" href="index.html" title="Qualcomm Atheros Open Powerline Toolkit"><link rel="up" href="ch03.html" title="Chapter 3. Software"><link rel="prev" href="ch03.html" title="Chapter 3. Software"><link rel="next" href="ch03s03.html" title="Platform Options"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">
- Security Considerations
- </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch03.html">Prev</a> </td><th width="60%" align="center">Chapter 3.
- Software
- </th><td width="20%" align="right"> <a accesskey="n" href="ch03s03.html">Next</a></td></tr></table><hr></div><div class="section" title="Security Considerations"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="software-security"></a>
- Security Considerations
- </h2></div></div></div><p>
- Toolkit programs are installed in <code class="filename">/usr/local/bin</code> with owner <code class="constant">root</code> and group <code class="constant">root</code> (<span class="command"><strong>chown root:root</strong></span>) and with read and execute permissions for owner, group and others (<span class="command"><strong>chmod 0555</strong></span>). This lets anyone execute these programs even though they are owned by user <code class="constant">root</code>.
- </p><p>
- Additionally, programs that send raw Ethernet frames are installed with the set-user-ID bit set for the owner (<span class="command"><strong>chmod 4555</strong></span>) so that they execute with <code class="constant">root</code> user privileges, regardless of which user runs them. This lets any user send raw Ethernet frames, but it also presents a security risk on the host computer. For example, program <span class="application">int6k</span> is intended to read and write <code class="filename">.nvm</code> and <code class="filename">.pib</code> files, but a malicious user could use it to overwrite other files normally protected by standard file permissions.
- </p><p>
- You can change the default file permissions by changing the <span class="command"><strong>-m 4555</strong></span> option on the <span class="command"><strong>install</strong></span> command in various <code class="filename">Makefiles</code>. Be aware that doing so will restrict program access to the <code class="constant">root</code> user.
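</p><p>
One way to audit the permissions described above, as an added example that is not part of the toolkit: the function names and the allowlist file (one program name per line) are assumptions, and <code class="constant">-maxdepth</code> requires GNU or BSD <span class="command"><strong>find</strong></span>.
</p>

```shell
#!/bin/sh
# Added example (not toolkit code): audit an install directory for
# set-user-ID programs such as those installed with "install -m 4555".

# list_setuid DIR [OWNER]
# Print regular files directly in DIR that are owned by OWNER (default
# root), have the setuid bit set and are executable by others, i.e. the
# combination that lets any user run them with the owner's privileges.
list_setuid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -maxdepth 1 -type f -user "$owner" \
        -perm -4000 -perm -0001 | sort
}

# unexpected_setuid DIR ALLOWLIST [OWNER]
# Print setuid programs whose file name is not listed in ALLOWLIST
# (hypothetical file: one expected program name per line).
unexpected_setuid() {
    dir=$1
    allow=$2
    owner=${3:-root}
    list_setuid "$dir" "$owner" | while IFS= read -r path; do
        name=${path##*/}
        # -F fixed string, -x whole line, -q quiet: exact name match only
        grep -Fqx -- "$name" "$allow" || printf '%s\n' "$path"
    done
}

# drop_setuid
# Read paths on stdin and reset each to mode 0555 (setuid bit cleared).
drop_setuid() {
    while IFS= read -r path; do
        chmod 0555 -- "$path" && printf 'cleared setuid: %s\n' "$path"
    done
}

# Stand-alone use: sh audit.sh /usr/local/bin allowlist.txt
if [ $# -ge 2 ]; then
    unexpected_setuid "$1" "$2"
fi
```

<p>
Piping the output of <code class="constant">unexpected_setuid</code> into <code class="constant">drop_setuid</code> resets those programs to mode 0555, after which they work only when run by <code class="constant">root</code>.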
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch03.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ch03.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ch03s03.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 3.
- Software
- </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">
- Platform Options
- </td></tr></table></div></body></html>