[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#72327: boot-floppies: doesn't install .bash_logout for root (fwd)

On Thu, Sep 28, 2000 at 02:17:03PM +0200, Santiago Vila wrote:
> > >  > $ tar ztvf base2_2.tgz | awk '$6 == "./root/" '
> > >  > drwxr-xr-x root/root         0 2000-07-05 19:47:09 ./root/
> > > 
> > > maybe this changed. At least a have some slink boxes where 700 was the
> > > default.
> > 
> > Indeed, this changed, and that's not good. Why was this gratuitous change
> > made?
> /root has always been 755.

I haven't seen any of those. All slink installs had it 700, which I
considered to be a sane default.

Anyway, history doesn't really matter with these kind of security issues --
sendmail had loads and loads of root exploits during the last decade, it
doesn't mean it should have them today.

> Some time ago I asked about this and 755 was considered to be good enough
> for /root, see the archives.

Which list?

> Anyway, the root account does not differ so much from an ordinary user
> account, because the admin is usually supposed to do "su" from an
> unprivileged account.

What people should do and what people will do is usually very different.
Besides, what does that have to do with file/directory permissions? Su'ed,
sudo'ed or logged in, admin is supposed to use his home directory for
storing something, otherwise it wouldn't be there.

Digital Electronic Being Intended for Assassination and Nullification

Reply to: