Your Distro is Insecure: Ubuntu

Ante Karamatić ivoks at grad.hr
Tue Apr 14 18:58:58 UTC 2009


On Tue, 14 Apr 2009, at 12:35 -0600, Alberto Sierra wrote:

> Bottom line is, the article may not be good, but it is a great tool as
> feedback for the server team, and constructive criticism is needed to
> improve overall.

Except for the default home directory permissions, nothing else in that
article is valid and, imho, it's just FUD. If anyone, I'm always open
to constructive criticism, but this article isn't that. It shows a lack
of knowledge about the stuff the author is writing about (POP2, IMAP2,
bootpc, bootps, system users' shells). I'm even shocked that such a
poorly written article is on the front page of Linux Magazine.

The only valid point I'm seeing in the whole discussion is the default
permissions on home directories. We haven't made any special decisions
(IIRC), we just inherited Debian's approach. Looking at Debian's success
in security and on servers, I would argue they know better than Ronald
McCarty. Still, we should make a decision about this and fix everything
that doesn't comply (ATM, vsftpd doesn't comply with the current setup).

If we opt for 0700 on home directories, we should make sure everything
else works. As people already said, 0700 permissions on home directories
don't make your data secure. The closest thing to usably secure data is
an encrypted home directory, which, thanks to Dustin, we provide.

And this is EOD from me on this article. I'm in favour of starting a
discussion about possibilities to change default permissions for home
directories.
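The permission question discussed above (whether home directories should be 0700 rather than the Debian-inherited 0755) is easy to check on a running system. The following audit script is an added example, not code from this thread or from Ubuntu: it walks a passwd-format file, looks at the mode of each regular user's home directory, and reports every home that grants group or other any access. The sample accounts and directories it builds are constructed for the demo; it assumes GNU coreutils `stat` (for `stat -c %a`) and the Debian/Ubuntu convention that regular users have UIDs of 1000 and above.

```shell
#!/bin/sh
# Added example (not from the thread): audit home-directory modes for the
# regular users listed in a passwd-format file and report any home whose
# mode grants group or other any permission, i.e. anything looser than 0700.
# Assumes GNU coreutils stat(1). On Debian/Ubuntu the mode of newly created
# homes comes from DIR_MODE in /etc/adduser.conf.

# audit_home_perms PASSWD_FILE [MIN_UID]
# Prints "LOOSE user home mode" for each offending home and "MISSING user home"
# for homes that do not exist. Returns 0 when every regular user's home is
# 0700 or stricter, 1 otherwise.
audit_home_perms() {
    passwd_file=$1
    min_uid=${2:-1000}          # UIDs below this are system accounts; skip them
    status=0
    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r user _ uid _ _ home _; do
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        if [ ! -d "$home" ]; then
            echo "MISSING $user $home"
            continue
        fi
        mode=$(stat -c %a "$home")         # e.g. 755, or 2755 with setgid
        go=${mode#"${mode%??}"}            # last two octal digits: group and other
        if [ "$go" != "00" ]; then
            echo "LOOSE $user $home $mode"
            status=1
        fi
    done < "$passwd_file"
    return $status
}

# make_sample DIR
# Builds a constructed passwd file plus matching home directories under DIR
# (sample data only, not real accounts) and prints the passwd file's path.
make_sample() {
    base=$1
    mkdir -p "$base/home/alice" "$base/home/bob" "$base/home/carol"
    chmod 0700 "$base/home/alice"      # already private
    chmod 0755 "$base/home/bob"        # the Debian-inherited default
    chmod 0750 "$base/home/carol"      # group-readable, still not 0700
    cat > "$base/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:$base/home/alice:/bin/bash
bob:x:1001:1001:Bob:$base/home/bob:/bin/bash
carol:x:1002:1002:Carol:$base/home/carol:/bin/bash
EOF
    echo "$base/passwd"
}

# Stand-alone demo: audit the constructed sample, then clean up.
demo_dir=$(mktemp -d)
demo_passwd=$(make_sample "$demo_dir")
if audit_home_perms "$demo_passwd"; then
    echo "all regular-user homes are 0700 or stricter"
else
    echo "some homes are readable by group or other (see LOOSE lines above)"
fi
rm -rf "$demo_dir"
```

To audit a real machine, point `audit_home_perms` at `/etc/passwd`; the `MISSING` lines are worth a look too, since a missing home usually means the account was created by hand rather than through `adduser`.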
