[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751

Gabor Gombas wrote:

On Fri, Nov 17, 2006 at 01:11:26PM +0100, Olaf van der Spek wrote:


Sounds like the wrong definition.


There is no choice as it is enforced by the kernel: if you can open()
the directory, then you can list its contents, otherwise not.
It's like 'it's unreadable when the kernel says it is'. That's not very informative. 
Still, I'd say the adduser question is misleading.


So what is the purpose of using 751 (besides security through obscurity)?


This is "security through obscurity" to exactly the same degree as
password authentication is. Sure, you can send the rest of your life


Really?
Passwords are supposed to be semi-random and hard to guess. File names are supposed to be the opposite. 


Is a Debian system required to use Apache with user dirs?
No, why would it? 

Since you listed it as a thing that should be done.

> On the other hand, what do you mean by "user dirs" -

mod_userdir or something else? For example we used an external mapping
program with mod_rewrite instead of mod_userdir.


The HTTP /~user path pointing to /home/user/public_html.


That doesn't sound right either.
With PHP you can easily read those files from another user/vhost if they're world-readable. 


I thought that mentioning ACLs would make it clear that the files are
no longer world readable, they are readable only for a very limited set
of users.


Sorry, I meant readable by the web server, not world-readable.


If you allow users to have unchecked PHP scripts running under the web
server's user ID on a real multi-user system then you're welcome to
shoot yourself in the foot. If you allow different vhosts to run
untrusted PHP files under the same user ID then you're welcome to shoot
yourself in the other foot.


That sounds better.
--
Olaf van der Spek
http://xccu.sf.net/
Reply to: