[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rwxr-xr-x /root

On Sat, Nov 11, 2000 at 04:15:19PM +0100, Robin Putters wrote:
> First of all, I don't know if this is the right list to send this question
> to. If not, please don't hurt me :).
> After I had installed potato, I noticed that my /root had it's permissions
> set to 755. I thought I did something wrong, but I decided to have a look at
> base2_2.tgz. The permissions are 755 in that package too.
> Why on earth would you want to have your roots homedir world-readable? It
> sounds like a serious security issue to me.

In theory, having the directory readable to others shouldn't hurt because
root should guard his files just like any other user. Having it unreadable
to others can be declared security through obscurity, and Debian in general
doesn't do that.

In practice, it's a bad idea because roots can be careless just like other
users, and then it affects the whole system... the default installation
should try to protect the user from himself.

Bug report about this has already been filed.

Digital Electronic Being Intended for Assassination and Nullification

Reply to: