
Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?



tluxt2@yahoo.com writes:
> --- Wichert Akkerman <wichert@wiggy.net> wrote:
>> Previously tluxt2@yahoo.com wrote:
>> > I think, from a security standpoint, from a fresh install, it
>> > would be appropriate to have the default permissions be at most
>> > 700 (ie, no bits on in the group & world fields).
>> 
>> Why?
> 
> Because, if those bits are left on (most importantly for the world
> bits - perhaps less importantly for the group bits), then, _by
> default_, nonroot users will have access to such directories and
> files.

This is a non-issue, though, since the root account is only used for
system administration and not for storing private data.  Changing the
default umask to 077 or 027 also leads to problems where root attempts
to recreate system directories and they wind up not being
world-readable when they should be; this seems like more aggravation
for the sysadmin than introducing any real security.

Nothing in the current world keeps a user who wants to store private
data from chmod'ing a directory to not be world-readable, or from
changing their own umask to not have files by default be
world-readable.  A similar motivation appears in Debian policy (see
section 11.9).

> I think that is a bad default.  It provides a way that non root
> users have access to some root information - by default.  Perhaps
> that information should not be available to non root users.

(I think you're trying to distinguish root from other users more so
than is actually true under Un*x.  While root does have implicit read
permission on any file on the system, a file created by root is no
more secret than a file created by any other user.  You shouldn't be
doing things as root because you think "more privileged => more
secret"; you're more likely to accidentally do things like 
'chmod -R 0600 /etc' accidentally and hose your system.)

> Perhaps this is analogous to locking the door to one's house.  If
> you live in an isolated very small town, where everyone is friends
> and everyone knows everyone, you might leave the door of your house
> unlocked all the time.  But, if you lived in a big city, you could
> quickly lose valuable things if you did that.  So, in a big city,
> by default, you lock your door.

Here, your users live in houses, and root is just another user except
that he's also a locksmith with a master key.  Being root doesn't mean
you live in a bank vault or something like that.  :-)

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
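
The following is an added example, not part of the original message: it shows the modes that mkdir and file creation produce under the three umasks named in the thread (022, 027, 077), and lists directories that are not world-readable and searchable, which is the state a system directory ends up in when root recreates it under a restrictive umask. The function names and the scratch paths are constructed for this illustration.

```shell
#!/bin/sh
# Added example (constructed): umask effects discussed in the thread.

# Print the octal mode of a path (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a directory and a file under the given umask inside a scratch
# directory and print "<dirmode> <filemode>". Runs in a subshell so the
# caller's umask is left unchanged.
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        mkdir "$scratch/dir"
        : > "$scratch/file"
        echo "$(mode_of "$scratch/dir") $(mode_of "$scratch/file")"
        rm -rf "$scratch"
    )
}

# List directories under $1 that lack read or search permission for
# "other", e.g. a system directory recreated by root under umask 077.
dirs_not_world_readable() {
    find "$1" -type d ! -perm -005 -print
}

# Show the resulting modes for each umask from the discussion.
for m in 022 027 077; do
    echo "umask $m -> $(modes_under_umask "$m")"
done
```

Running `dirs_not_world_readable` against a directory tree after administrative work done under a restrictive umask shows which directories other users can no longer read.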


