Your Distro is Insecure: Ubuntu

Kees Cook kees at
Tue Apr 14 19:27:31 UTC 2009

On Tue, Apr 14, 2009 at 08:58:58PM +0200, Ante Karamati?? wrote:
> If we opt for 0700 on home directory, we should make sure everything
> else works. As people already said, 0700 permission of home directories
> don't make your data secure. Closest thing to usable secure data is
> crypted home directory, which thanks to Dustin, we provide.

When discussed at the last UDS, the decision was to create a 0700 ~/Private
directory, but it was never added to xdg-user-dirs.  I'm hoping to see that
fixed in Karmic.

As for 0700, that will be ~/public_html/.  It doesn't need read, but it
does need exec.

> And this is EOD from me on this article. I'm in favour of starting a
> discussion about possibilities to change default permissions for home
> directories.

This discussion has already happened.  The solution is education, or if
it's really that important, a debconf question for configuring

Kees Cook
Ubuntu Security Team

More information about the ubuntu-server mailing list