[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rwxr-xr-x /root

On Sat, Nov 11, 2000 at 05:54:16PM +0100, Josip Rodin wrote:
> On Sat, Nov 11, 2000 at 04:15:19PM +0100, Robin Putters wrote:
> > First of all, I don't know if this is the right list to send this question
> > to. If not, please don't hurt me :).
> > 
> > After I had installed potato, I noticed that my /root had it's permissions
> > set to 755. I thought I did something wrong, but I decided to have a look at
> > base2_2.tgz. The permissions are 755 in that package too.
> > Why on earth would you want to have your roots homedir world-readable? It
> > sounds like a serious security issue to me.
> In theory, having the directory readable to others shouldn't hurt because
> root should guard his files just like any other user. Having it unreadable
> to others can be declared security through obscurity, and Debian in general
> doesn't do that.
> In practice, it's a bad idea because roots can be careless just like other
> users, and then it affects the whole system... the default installation
> should try to protect the user from himself.
> Bug report about this has already been filed.

Of course, then there's the fact that there's really no reason for root
to HAVE files; others may disagree w/ me, but honestly, why would you
need to?  You should be doing things like compiling tarballs as a normal
user, and sudo'ing to make install.  The only files that would be owned
by root would be in places other than /root and /home.  Of course, if
you're not using sudo, and regularly logging in as root, then you're
probably not too concerned with security to begin with..

This is all IMHO.  No flamewars w/ people who prefer normal su, please ;)

> -- 
> Digital Electronic Being Intended for Assassination and Nullification
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: