
Re: Permissions on /root/



At 19:23 Uhr +0200 08.03.2003, Birzan George Cristian wrote:
> On Sat, Mar 08, 2003 at 05:40:31PM +0100, Christian Jaeger wrote:
> > - You should also be aware that a 0700 directory does not protect you
> > if you are moving another directory from outside to inside, since
> > users who have already chdir'd into it remain inside it.
>
> Yes, but how often does that happen?

Maybe not often, but an attacker could run a daemon that opendir()s each newly created directory just in the hope that one of them happens to be moved into your secret area. Call me paranoid :) (And I still don't see a reason why it should be different for root than anyone else. The other users' secrets are probably just as important as root's.)

> > - The problem with a 0700 /root is that it does not leave it a *choice*
> > anymore.
>
> Eh, you'll have to excuse me, but I have no idea what that phrase means.

I meant, if /root is world-readable, then you can still make a subdirectory which is not (i.e. I have a /root/tmp which is 0700). If /root is not world-readable, then it can never contain stuff to be used by other users.

> > Maybe you can tell me which other directory is better suited for
> > that than /root?
>
> Yes. Your regular account's home.

I don't because:
- I'm promoting my /root/{bin,...} solution for colleagues as well, and we share scripts in those directories. They would have to include the bin/ subdirectory of my home dir on the machines we share.
- the scripts under /root/* are owned by root. If OTOH I'm executing the $HOME/bin/ scripts of another user and his account is compromised, root would be as well.
- in my own non-root ~/bin/ are scripts that are really specific to me, no one else. (And sometimes I start writing new scripts there, until they are ready to be used by everyone, at which point I'm moving and chown'ing them to root.)

Christian
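
The point above about moving a directory into a 0700 area, as an added example that is not part of the original message: a handle opened before the move keeps following the renamed directory, while a copy into a freshly created directory leaves the old handle with nothing. The function names, the paths and the copy-then-delete approach are assumptions made for this sketch, and it runs as a single user, so it shows the handle surviving the move rather than a cross-user permission check.

```python
import os
import shutil
import tempfile

def naive_move(src, private_parent):
    """Rename src into private_parent; the directory inode stays the same."""
    dst = os.path.join(private_parent, os.path.basename(src))
    os.rename(src, dst)
    return dst

def safe_move(src, private_parent):
    """Copy into a fresh directory inside private_parent, then delete src."""
    dst = os.path.join(private_parent, os.path.basename(src))
    os.mkdir(dst, 0o700)          # new inode: no earlier handle can refer to it
    shutil.copytree(src, dst, dirs_exist_ok=True)
    os.chmod(dst, 0o700)          # copytree copies src's mode onto dst, reset it
    shutil.rmtree(src)
    return dst

def visible_through_handle(move):
    """List what a handle opened before the move can still see afterwards."""
    base = tempfile.mkdtemp()     # constructed sample tree, removed at the end
    try:
        private = os.path.join(base, "private")
        os.mkdir(private, 0o700)
        src = os.path.join(base, "project")
        os.mkdir(src, 0o755)
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("constructed sample\n")
        # Stands in for another user's earlier opendir()/chdir().
        fd = os.open(src, os.O_RDONLY | os.O_DIRECTORY)
        try:
            move(src, private)
            try:
                return sorted(os.listdir(fd))
            except OSError:       # directory behind the handle was deleted
                return []
        finally:
            os.close(fd)
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print("after rename:", visible_through_handle(naive_move))
    print("after copy  :", visible_through_handle(safe_move))
```
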


