On Mon, Feb 25, 2002 at 02:22:26PM -0800, tluxt2@yahoo.com wrote:
> --- Wichert Akkerman <wichert@wiggy.net> wrote:
> > Previously tluxt2@yahoo.com wrote:
> > > I think, from a security standpoint, from a fresh install, it would be
> > > appropriate to have the default permissions be at most 700 (ie, no bits on
> > > in the group & world fields).
> >
> > Why?
>
> Because, if those bits are left on (most importantly for the world bits -
> perhaps less importantly for the group bits), then, _by default_,
> nonroot users will have access to such directories and files.

Yes, but is there anything that usually is readable that would be of any
harm if the users find out? For the first, I can't see anything except
passwords in the default installation that are sensitive from a security
point of view. (And with most installations (the default) those are hidden
in the shadow file, and that file isn't readable.)

> Perhaps this is analogous to locking the door to one's house. If you
> live in an isolated very small town, where everyone is friends and
> everyone knows everyone, you might leave the door of your house
> unlocked all the time. But, if you lived in a big city, you could
> quickly lose valuable things if you did that. So, in a big city, by
> default, you lock your door.

There is a good rule: don't make real-world comparisons in these kinds of
debates; everyone is in some sense wrong. So even in this case, locking the
door doesn't hide yourself from the other inhabitants of the house, does
it? If I like to keep something secret from my wife I have two
alternatives: lock it somewhere where she doesn't have a key, or hide it.
Both have their own special problems; the best way is probably to put it in
my own room (the computer room) and ask her not to look there. That's what
mutual trust is about.

> My intention here is not to be impolite. But, to me, the "why" (which I have
> just stated above) is obvious.
> For some reason, though, (perhaps it wasn't

For the rest of the Unix community this "why?" isn't obvious; this is only
a privacy question and not a security question, one where the Debian
default installation gives good alternatives in this privacy area. Reading
the archives of the OpenBSD misc mailing list should give a good
explanation of these questions; it should soon be a FAQ question there.
Security doesn't have to do with hiding stuff.

/ Balp
-- 
 o_     Anders Arnholm, HiQ - Consultant
o/ /\   anders@arnholm.nu          Phone : +46-703-160969
/|_, \\ http://anders.arnholm.nu/  http://www.hiq.se
   /
  `
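As an added example, not code from the thread or from Debian: a small POSIX shell audit that builds a constructed home-directory tree with mixed modes, lists everything readable by "other" (the world bits tluxt2 wants off by default), checks /etc/shadow the way Balp's argument assumes, and then applies a 700-style lockdown to the sample home. The user name, directory layout and file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits a tree for entries
# readable by "other" and shows the effect of stripping group/world bits.
# All paths and names below are constructed for the demonstration.

# Print every entry under $1 whose other-read bit (o+r, octal 004) is set,
# as paths relative to $1, sorted. The octal form of -perm is portable
# across GNU and BSD find.
world_readable() {
    ( cd "$1" && find . -perm -004 ! -path . | sort )
}

# Return 0 if $1 is readable by "other", 1 otherwise. The 8th character of
# the ls -l mode string is the other-read flag ("r" in -rw-r--r--). ls -ld
# only needs search permission on the parent, so it works on /etc/shadow.
other_readable() {
    case "$(ls -ld "$1" | cut -c8)" in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the sample tree: a 755 home with one 755 and one 700 subdirectory,
# a 644 public file and two 600 private files (constructed data).
make_sample_tree() {
    root=$1
    mkdir -p "$root/home/alice/private" "$root/home/alice/public"
    : > "$root/home/alice/public/notes.txt"
    : > "$root/home/alice/private/diary.txt"
    : > "$root/home/alice/.bash_history"
    chmod 755 "$root/home" "$root/home/alice" "$root/home/alice/public"
    chmod 644 "$root/home/alice/public/notes.txt"
    chmod 700 "$root/home/alice/private"
    chmod 600 "$root/home/alice/private/diary.txt"
    chmod 600 "$root/home/alice/.bash_history"
}

# Number of world-readable entries under $1.
count_world_readable() {
    world_readable "$1" | wc -l | tr -d ' '
}

# Apply the proposed default: no group or world bits anywhere under $1.
lock_down_home() {
    chmod -R go-rwx "$1"
}

# Stand-alone run: build the tree, audit, lock down, audit again.
scratch=$(mktemp -d)
make_sample_tree "$scratch"
echo "world-readable before lockdown:"
world_readable "$scratch"
lock_down_home "$scratch/home/alice"
echo "world-readable after lockdown:"
world_readable "$scratch"
rm -rf "$scratch"

# The check Balp's argument relies on: hashes live in a non-world-readable
# file. Guarded because not every system (e.g. a container) has it.
if [ -e /etc/shadow ]; then
    if other_readable /etc/shadow; then
        echo "WARNING: /etc/shadow is world-readable"
    else
        echo "/etc/shadow is not world-readable"
    fi
fi
```

`find -perm -004` tests the mode bits, not whether the caller can actually read the file, so it reports the same result whether run as root or as an unprivileged user. On Debian the mode adduser gives a new home directory is set by DIR_MODE in /etc/adduser.conf, and the mode of files a user creates afterwards is governed by the login umask (UMASK in /etc/login.defs or a umask line in /etc/profile); those two settings are where a 700-style default would be turned on.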