
Re: /root/ drwxr-xr-x? possible solution?



Either /root as 755 is a problem, and everyone should run
around 'chmod 700 root'-ing, or 755 is not a problem, and
this discussion is dumb.  There is no middle ground where a
new installation should ask - if it's not dangerous, don't
ask.  If it /is/ dangerous, don't ask.  It's the dumb users
you're trying to protect, and you shouldn't ask dumb users
dumb questions.

If 755 root were a problem, I'd expect to find it mentioned
in the securing-debian-howto.  It's not, at least on my grep
for "root" and "permission".  There's no bug against
harden-doc, which is the package containing the howto, or
against harden, which is the source package.  I assume that
the rest of the harden packages don't change permissions or
warn about /root.

I would much prefer that the community started a discussion
about making security the default on any of the /actual/
security issues listed in the securing-debian-howto, for
example, disabling remote root login, or making sure the
system is kept up-to-date with security patches.

In the interest of brevity,
Mike Stone:
http://lists.debian.org/debian-devel/2002/debian-devel-200207/msg00514.html
Craig Sanders:
http://lists.debian.org/debian-devel/2000/debian-devel-200011/msg00811.html

Finally:
http://bugs.debian.org/76771

thanks,
-neil

Now back to your regularly scheduled "I just noticed I can
remove a file I don't have write permission on" security
panic.


