Your Distro is Insecure: Ubuntu
Kees Cook
kees at ubuntu.com
Tue Apr 14 18:57:57 UTC 2009
On Tue, Apr 14, 2009 at 01:20:31PM -0500, Tony Yarusso wrote:
> I've always been a little bit uncomfortable with the choice of default
> permissions for user home directories, and would like to see some more
> discussion around that.
https://wiki.ubuntu.com/SecurityTeam/FAQ#Permissive%20Home%20Directory%20Permissions
> (Past answers essentially being "it's easier
> this way", for file sharing and the like, which doesn't seem
> particularly convincing to me.)
It is certainly a very specific trade-off that was chosen early in Ubuntu
design. But that's why /etc/adduser.conf exists. :)
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-server
mailing list