Your Distro is Insecure: Ubuntu

James Dinkel jdinkel at gmail.com
Tue Apr 14 17:09:08 UTC 2009


Sorry ivoks, I apparently replied this directly to you the first time.  oops
:(

re-sending (this was before page 2 was available):

I can not get page 2 to come up either.  I can't imagine page 2 having any
worthwhile substance though, judging from page 1.  The whole MySQL root
password criticism seems silly.  The password prompt is there and if the
user chooses to leave it blank or use the word 'password' then that is the
user's lack of security, not Ubuntu's.

The home directory permissions is a tad more valid.  Even still, with 700
permissions, it is very easy to boot to a livecd and use root to bypass the
directory permissions.  The new encryption solution is much better in that
regard.  It gives a true level of security rather than the false sense of
security from directory permissions.  I don't think I quite believe ivoks'
concern that 700 permissions could cause problems "like, personal web
pages... mail delivery, etc" since the new Jaunty encrypts the entire user's
home directory and 700 permissions would give a bit of extra security
against users who do not have physical access to the hard drive.

James

2009/4/14 Ante Karamatić <ivoks at grad.hr>

> On Tue, 14 Apr 2009, at 08:24 -0600, Alberto Sierra wrote:
>
> > what do you guys think?
>
> As for first page, there are use cases for DIR_MODE 0755 and 0700.
> Whatever you choose, you will never ever choose a good default for
> everyone - that's just not possible. Since we choose to be Linux for
> human beings, I guess, we would rather put 0755 than 0700. 0700 brings
> you just too many problems later (like, personal web pages, possible
> problems with mail delivery, etc...).
>
> Nevertheless, there are some things we can and should fix. For
> example, default umask for users in Ubuntu is 022, but vsftpd has 077
> default umask. This should be made consistent.
>
> As for page #2.:
>
> 'Sorry but the page you are looking for does not exist'
>
>
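
The DIR_MODE and umask values discussed in this thread can be checked on a running system. The script below is an added example, not part of either message: it reads DIR_MODE from an adduser.conf-style file, lists home directories that group or others can access, and shows what modes the 022 and 077 umasks produce. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit home directory modes and compare umask outcomes.
# Assumes GNU coreutils stat; function names are illustrative only.

# Print the octal mode left after applying umask $2 to requested mode $1.
mode_after_umask() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# Print the last DIR_MODE value set in an adduser.conf-style file $1.
adduser_dir_mode() {
    sed -n 's/^DIR_MODE=\([0-7][0-7]*\).*/\1/p' "$1" | tail -n 1
}

# Print "MODE NAME" for each directory under $1 that grants any
# permission bit to group or others (anything looser than 0700).
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")
        if [ $(( 0$mode & 0077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "${d##*/}"
        fi
    done
}

# The two umasks mentioned in the thread, applied to a new file (0666)
# and a new directory (0777).
for u in 022 077; do
    echo "umask $u: file $(mode_after_umask 666 $u)," \
         "directory $(mode_after_umask 777 $u)"
done

if [ -r /etc/adduser.conf ]; then
    echo "adduser DIR_MODE: $(adduser_dir_mode /etc/adduser.conf)"
fi
if [ -d /home ]; then
    echo "home directories accessible to group or others:"
    audit_homes /home
fi
```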