[Bug 1127792] Re: home dirs created world-readable

Fri Feb 22 15:42:49 UTC 2013

Thanks for taking the time to report this bug and helping to make Ubuntu better.  This is not a bug, but rather expected behavior:
https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access

Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

** Changed in: shadow (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1127792

Title:
  home dirs created world-readable

Status in “shadow” package in Ubuntu:
  Invalid

Bug description:
  Default umask in /etc/login.defs is 022.  This leads to group & world
  readable user home directories.

  This is not a bug in itself and it is not new.  It is however a
  vulnerability that, on most user-installed systems, remains
  uncorrected. One cannot expect that all user-installed systems will
  ever be single-user.

  If there are no compelling reasons to keep it this way, why not using
  027 or  077 as default masks?

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: passwd 1:4.1.4.2+svn3283-3ubuntu7
  ProcVersionSignature: Ubuntu 3.5.0-23.35-generic 3.5.7.2
  Uname: Linux 3.5.0-23-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.6.1-0ubuntu10
  Architecture: amd64
  Date: Sat Feb 16 20:28:35 2013
  InstallationDate: Installed on 2013-01-27 (20 days ago)
  InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
  MarkForUpload: True
  ProcEnviron:
   LANGUAGE=en_CA:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1127792/+subscriptions