[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /root/ drwxr-xr-x? possible solution?

Either /root as 755 is a problem, and everyone should run
around 'chmod 700 root'-ing, or 755 is not a problem, and
this discussion is dumb.  There is no middle ground where a
new installation should ask - if it's not dangerous, don't
ask.  If it /is/ dangerous, don't ask.  It's the dumb users
you're trying to protect, and you shouldn't ask dumb users
dumb questions.

If 755 root were a problem, I'd expect to find it mentioned
in the securing-debian-howto.  It's not, at least on my grep
for "root" and "permission".  There's no bug against
harden-doc, which is the package containing the howto, or
against harden, which is the source package.  I assume that
the rest of the harden packages don't change permissions or
warn about /root.

I would much prefer that the community started a discussion
about making security the default on any of the /actual/
security issues listed in the securing-debian-howto, for
example, disabling remote root login, or making sure the
system is kept up-to-date with security patches.

In the interest of brevity,
Mike Stone:
Craig Sanders:



Now back to your regularly scheduled "I just noticed I can
remove a file I don't have write permission on" security

Reply to: