Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?
On Mon, Feb 25, 2002 at 02:22:26PM -0800, tluxt2@yahoo.com wrote:
> Because, if those bits are left on (most importantly for the world bits -
> perhaps less importantly for the group bits), then, _by default_, nonroot users
> will have access to such directories and files.
>
> I think that is a bad default. It provides a way that non root users have
> access to some root information - by default. Perhaps that information should
> not be available to non root users.
>
> So, by default, non root users shouldn't be given access to such things. So,
> by default, those bits should be off.
Actually, it used that once and it became really annoying. All of a sudden
users could no longer use apt-cache search or apt-get source because of
permission problems.
I'm a believer in that everything should be world readable unless it really
is sensitive. There are more non-sensitive files around than sensitive ones.
Especially on a home system.
> Perhaps this is analogous to locking the door to one's house. If you live in
> an isolated very small town, where everyone is friends and everyone knows
> everyone, you might leave the door of your house unlocked all the time. But,
> if you lived in a big city, you could quickly lose valuable things if you did
> that. So, in a big city, by default, you lock your door.
And I would consider most machines to be an isolated small town. People
whose machines would be considered a "big city" would know how to configure
their machine.
--
Martijn van Oosterhout <kleptog@svana.org>
http://svana.org/kleptog/
> If the company that invents a cure for AIDS is expected to make their
> money back in 17 years, why can't we ask the same of the company that
> markets big-titted lip-syncing chicks and goddamn cartoon mice?