Re: #72327: boot-floppies: doesn't install .bash_logout for root (fwd)

[Santiago Vila <sanvila@unex.es>]

On Thu, 28 Sep 2000, Josip Rodin wrote:

> On Thu, Sep 28, 2000 at 02:17:03PM +0200, Santiago Vila wrote:
> > > >  > $ tar ztvf base2_2.tgz | awk '$6 == "./root/" '
> > > >  > drwxr-xr-x root/root         0 2000-07-05 19:47:09 ./root/
> > > > 
> > > > maybe this changed. At least a have some slink boxes where 700 was the
> > > > default.
> > > 
> > > Indeed, this changed, and that's not good. Why was this gratuitous change
> > > made?
> > 
> > /root has always been 755.
> 
> I haven't seen any of those. All slink installs had it 700, which I
> considered to be a sane default.
> 
> Anyway, history doesn't really matter with these kind of security issues --
> sendmail had loads and loads of root exploits during the last decade, it
> doesn't mean it should have them today.

Your comparison is not fair. I repeat that this is not a security
issue, just a *privacy* issue.

> > Some time ago I asked about this and 755 was considered to be good enough
> > for /root, see the archives.
> 
> Which list?

I can't remember exactly. There is a small thread in debian-testing,
in February (Subject: potato /root permissions?), but I did not posted
anything then.

We can start a new thread in debian-devel if you like.