Your Distro is Insecure: Ubuntu

Kees Cook kees at ubuntu.com
Tue Apr 14 18:57:57 UTC 2009


On Tue, Apr 14, 2009 at 01:20:31PM -0500, Tony Yarusso wrote:
> I've always been a little bit uncomfortable with the choice of default
> permissions for user home directories, and would like to see some more
> discussion around that.

https://wiki.ubuntu.com/SecurityTeam/FAQ#Permissive%20Home%20Directory%20Permissions

> (Past answers essentially being "it's easier
> this way", for file sharing and the like, which doesn't seem
> particularly convincing to me.)

It is certainly a very specific trade-off that was chosen early in Ubuntu
design.  But that's why /etc/adduser.conf exists.  :)

-- 
Kees Cook
Ubuntu Security Team




More information about the ubuntu-server mailing list