Your Distro is Insecure: Ubuntu
Matt Isaacs
matthew.isaacs at gmail.com
Tue Apr 14 19:00:43 UTC 2009
On Tue, Apr 14, 2009 at 1:57 PM, Kees Cook <kees at ubuntu.com> wrote:
> On Tue, Apr 14, 2009 at 01:20:31PM -0500, Tony Yarusso wrote:
> > I've always been a little bit uncomfortable with the choice of default
> > permissions for user home directories, and would like to see some more
> > discussion around that.
>
>
> https://wiki.ubuntu.com/SecurityTeam/FAQ#Permissive%20Home%20Directory%20Permissions
>
> > (Past answers essentially being "it's easier
> > this way", for file sharing and the like, which doesn't seem
> > particularly convincing to me.)
>
> It is certainly a very specific trade-off that was chosen early in Ubuntu
> design. But that's why /etc/adduser.conf exists. :)
>
It's not just Ubuntu. IIRC, all the distros I used before switching to
Ubuntu had permissive home directory permissions by default.
>
> --
> Kees Cook
> Ubuntu Security Team
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20090414/54fd9b48/attachment.html>
More information about the ubuntu-server
mailing list