Re: #72327: boot-floppies: doesn't install .bash_logout for root (fwd)
On Thu, 28 Sep 2000, Josip Rodin wrote:
> On Thu, Sep 28, 2000 at 02:17:03PM +0200, Santiago Vila wrote:
> > > > > $ tar ztvf base2_2.tgz | awk '$6 == "./root/" '
> > > > > drwxr-xr-x root/root 0 2000-07-05 19:47:09 ./root/
> > > >
> > > > maybe this changed. At least a have some slink boxes where 700 was the
> > > > default.
> > >
> > > Indeed, this changed, and that's not good. Why was this gratuitous change
> > > made?
> > /root has always been 755.
> I haven't seen any of those. All slink installs had it 700, which I
> considered to be a sane default.
> Anyway, history doesn't really matter with these kind of security issues --
> sendmail had loads and loads of root exploits during the last decade, it
> doesn't mean it should have them today.
Your comparison is not fair. I repeat that this is not a security
issue, just a *privacy* issue.
> > Some time ago I asked about this and 755 was considered to be good enough
> > for /root, see the archives.
> Which list?
I can't remember exactly. There is a small thread in debian-testing,
in February (Subject: potato /root permissions?), but I did not posted
We can start a new thread in debian-devel if you like.