Your Distro is Insecure: Ubuntu
Kees Cook
kees at ubuntu.com
Tue Apr 14 19:05:34 UTC 2009
On Tue, Apr 14, 2009 at 02:00:43PM -0500, Matt Isaacs wrote:
> On Tue, Apr 14, 2009 at 1:57 PM, Kees Cook <kees at ubuntu.com> wrote:
> > On Tue, Apr 14, 2009 at 01:20:31PM -0500, Tony Yarusso wrote:
> > > I've always been a little bit uncomfortable with the choice of default
> > > permissions for user home directories, and would like to see some more
> > > discussion around that.
> >
> > https://wiki.ubuntu.com/SecurityTeam/FAQ#Permissive%20Home%20Directory%20Permissions
> >
> > > (Past answers essentially being "it's easier
> > > this way", for file sharing and the like, which doesn't seem
> > > particularly convincing to me.)
> >
> > It is certainly a very specific trade-off that was chosen early in Ubuntu
> > design. But that's why /etc/adduser.conf exists. :)
>
> It's not just Ubuntu. IIRC, all the distros I used before switching to
> Ubuntu had permissive home directory permissions by default.
Right, but I mean to say it was actually discussed, and decided on, rather
than just being carried over from Debian, etc.
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-server
mailing list