Your Distro is Insecure: Ubuntu
Kees Cook
kees at ubuntu.com
Tue Apr 14 19:27:31 UTC 2009
On Tue, Apr 14, 2009 at 08:58:58PM +0200, Ante Karamati?? wrote:
> If we opt for 0700 on home directory, we should make sure everything
> else works. As people already said, 0700 permission of home directories
> don't make your data secure. Closest thing to usable secure data is
> crypted home directory, which thanks to Dustin, we provide.
When discussed at the last UDS, the decision was to create a 0700 ~/Private
directory, but it was never added to xdg-user-dirs. I'm hoping to see that
fixed in Karmic.
As for 0700, that will be ~/public_html/. It doesn't need read, but it
does need exec.
> And this is EOD from me on this article. I'm in favour of starting a
> discussion about possibilities to change default permissions for home
> directories.
This discussion has already happened. The solution is education, or if
it's really that important, a debconf question for configuring
/etc/adduser.conf.
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-server
mailing list