[ubuntu-hardened] home folder permissions

gaten education.kills at gmail.com
Thu Nov 29 03:25:18 GMT 2007


Agree with you 100%. It seems a lot of people just stop at "Linux is more
secure" and don't really look into the small things.

Case in point:
Everyone bitches that Windows XP firewall sucks, blah blah blah. Well,
iptables doesn't suck, BUT it is disabled by default (at least in
Feisty). How does that make sense? We've got a great firewall that has
been tested and improved forever installed by default, and the damn
thing isn't even on.

What does everyone think about jailed binaries for common applications?
For Firefox, for instance. Web browsers are becoming (well, have been)
an attack vector more and more, and I honestly think IE7 in Vista is a
step in the right direction. With shared folders or something, a jailed
Firefox (by default) would be an easy solution to a possible problem.

But once again, I agree with your assessment of home dirs, the current
setup just does not make sense, even in a Usability vs Security light.

John Richard Moser wrote:
> 
> Martin Pitt wrote:
>> Hi Christer,
>>
>> Nafallo Bjälevik [2007-11-24 23:20 +0000]:
>>> You must have changed that yourself. 022 is the default umask on all yet
>>> released Ubuntu versions.
>> Indeed. This is not a bug, but a deliberate decision. For home setups,
>> 022 is better to allow people to share files easily. Files which are
> 
> I believe this thinking is flawed; however, I can agree with the 
> existence of setups following that.
> 
> I feel that there should be a "Shared Documents" folder (as on Windows) 
> with mode 01777 (temporary) owned by root:root.  User home folders 
> should use mode 700 by default for the actual $HOME node.
> 
> I *would* like to say umask 700 *but* in reality it "doesn't really 
> matter" since you can't access files in mode 0700 folders if you don't 
> own the folder (regardless) (aside from hardlinks outside).  Further, 
> umask 022 leaves files readable by other users, in the event they fall 
> into the Shared Documents folder.
> 
> I believe this secure-by-default mode is important.  I suggest that users 
> have a simple security panel somewhere that allows them to give access 
> to their home directory, which just 'chmod go+rx $HOME' or 'chmod go= 
> $HOME' when toggled.
> 
> When Ubuntu satisfies the above conditions, users should find that they 
> can no longer enter other users' $HOME directories.  They *should* get 
> used to using "Shared Documents" instead; however, at individual user 
> discretion, they *can* just toggle the permissions on their $HOME directory.
> 
> When we work on Windows, we juggle around a lot of CI.  You may work in 
> finance, maybe you work for a contractor, maybe you work in IT.  Imagine 
> the IT guy has some pretty sensitive documents in My Documents; when he 
> logs into MY desktop to fix it, he leaves behind a bunch of router 
> passwords as his roaming profile comes down.
> 
> In Windows I can't go in his folder and grab passwords for all the 
> routers; in Ubuntu I can.  Nobody thinks about this.  Users WON'T think 
> about anything they create in their $HOME and won't automatically 
> realize--hey anyone else touching this machine can read this!  I believe 
> the responsible thing to do is to make them acknowledge that and 
> specifically place their documents somewhere world-accessible (or e-mail 
> them around ffs).
> 
> 
> 
>> security sensitive (.bashrc, .viminfo, .ssh, .gpg, .mozilla, etc.) are
>> already 0700.
>>
>> Martin
>>
> 
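The home-directory audit and the "sharing toggle" described in the quoted post, as an added shell example that is not part of the thread. It builds a throwaway /home-like tree in a temp directory so it runs unprivileged, and assumes GNU stat (Linux) for the octal mode; the directory names and modes are constructed.

```shell
#!/bin/sh
# Added demo (not from the thread): audits per-user home directory modes and
# applies the "sharing toggle" the post describes. It builds a throwaway
# /home-like tree in a temp dir, so it runs unprivileged without touching
# real home folders. Assumes GNU stat (Linux) for the octal mode.

# Print "<dir> <mode>" for each directory under $1 that grants group or
# other any access, except sticky (01777) drop folders, which are meant to
# be shared. Returns 0 when nothing is reported, 1 otherwise.
audit_home_perms() {
    root="$1"; found=0
    for d in "$root"/*/; do
        d="${d%/}"
        [ -d "$d" ] || continue
        [ -k "$d" ] && continue               # sticky bit: expected to be shared
        perm=$(printf '%04d' "$(stat -c '%a' "$d")")
        if [ "${perm#??}" != "00" ]; then     # last two octal digits = group/other
            echo "$d $perm"; found=1
        fi
    done
    return $found
}

# The panel toggle from the post: "on" runs chmod go+rx, "off" runs chmod go=.
set_home_sharing() {
    case "$2" in
        on)  chmod go+rx "$1" ;;
        off) chmod go= "$1" ;;
        *)   echo "usage: set_home_sharing DIR on|off" >&2; return 2 ;;
    esac
}

# Shared drop folder with mode 01777. A real deployment would also run
# 'chown root:root' on it as root; skipped here so the demo stays unprivileged.
make_shared_folder() {
    mkdir -p "$1" && chmod 1777 "$1"
}

# Constructed demo tree: one home at the then-default mode, one at 700.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/alice" "$demo_root/bob"
chmod 755 "$demo_root/alice"               # Ubuntu default at the time (umask 022)
chmod 700 "$demo_root/bob"                 # the mode the post argues for
make_shared_folder "$demo_root/Shared Documents"
audit_home_perms "$demo_root" || echo "home dirs above are readable by other users"
```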
