On Wed, Jun 13, 2001 at 11:14:35PM -0400, D-Man wrote: > On Wed, Jun 13, 2001 at 03:17:52PM -0800, Ethan Benson wrote: > | On Wed, Jun 13, 2001 at 01:11:49PM -0400, D-Man wrote: > | > By "make my machine download things" do you mean that he logs in and > | > uses ftp or a web browser? If so, then he ought to be downloading the > | > stuff into his own home directory. By default (and quite naturally) > | > users _can't_ see someone else's home directory unless that person > | > explicitly makes it readable. > | > | wrong, debian creates home directories mode 755, world readable by > | default like all other *nixes that have come before it. > > Why would all other *nixes default to being insecure? I don't know > where it is set (possibly by the admin after using useradd), but the > home directories on the Solaris system at school are not world > readable unless one makes theirs so. Can you explain why world readable home dirs are considered insecure by default? If you can't I suggest you retract your assertion that all unices are insecure by default (you possibly could argue that if you weren't claiming this was because of world readable home dirs :) Consider that your having the ability to read and execute my home dir does not necessarily confer the ability to read the files within that directory. Are you sure the "Solaris system at school" has not had its config tweaked at all after it was installed? -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:nnorman@micromuse.com | -- Patton
Attachment:
pgp8aXJ0L97l4.pgp
Description: PGP signature