Re: rwxr-xr-x /root
On Sat, Nov 11, 2000 at 07:58:17PM -0500, Andres Salomon wrote:
[snip]
> I apologize for sounding troll-ish previously, and I retract
> my statement that those who are using 'su' aren't security
> conscious. However, I disagree with the statement that
> /root being 755 is in any way a security issue, especially
> since it implies that normal home directories being 755
> is ok, while root's home directory is not.
[snip]
This is just IMHO, but normal home directories shouldn't be 755 either. Or
at least, the *default* shouldn't be 755. Users' files should be private
by default, unless *they* consciously choose to make it publicly
available.
<rant> Saying that default 755 for home dirs is a bit like saying an OS
should be insecure by default, since you can always secure it if you
wanted to. And yes, this is a security issue, considering that I am aware
of computer systems at certain educational institutions where the default
configuration makes the professor's home directory *writable*. Imagine the
*cough* joy *cough* of the students who found this out... Of course, you
could blame this on an incompetent sysadmin, but why leave things open by
default? Shipping with a safer default (which can be changed at will if
you don't like it, anyway) at least leaves less script-kiddie havens on
the net. No need to tempt your luck by shipping things open, just because
you *know* that 755 is harmless. Security rule #1: never trust anybody.
</rant>
OK, I just had to get that off my chest. Disclaimer: this is all IM(NS)HO,
and no personal insults are intended, so please don't start a flamewar
because of this. :-)
T
--
Real Programmers use "cat > a.out".
Reply to: