Your Distro is Insecure: Ubuntu
Karl Goetz
karl at kgoetz.id.au
Wed Apr 15 01:00:37 UTC 2009
On Tue, 14 Apr 2009 12:27:31 -0700
Kees Cook <kees at ubuntu.com> wrote:
> On Tue, Apr 14, 2009 at 08:58:58PM +0200, Ante Karamati?? wrote:
> > If we opt for 0700 on home directory, we should make sure everything
> > else works. As people already said, 0700 permission of home
> > directories don't make your data secure. Closest thing to usable
> > secure data is crypted home directory, which thanks to Dustin, we
> > provide.
>
> When discussed at the last UDS, the decision was to create a 0700
> ~/Private directory, but it was never added to xdg-user-dirs. I'm
> hoping to see that fixed in Karmic.
>
> As for 0700, that will be ~/public_html/. It doesn't need read, but
> it does need exec.
>
It doesn't need read on $HOME, but I'm pretty sure it needs it on
~/public_html.
kk
> > And this is EOD from me on this article. I'm in favour of starting a
> > discussion about possibilities to change default permissions for
> > home directories.
>
> This discussion has already happened. The solution is education, or
> if it's really that important, a debconf question for configuring
> /etc/adduser.conf.
>
--
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian user / gNewSense contributor
http://www.kgoetz.id.au
No, I won't join your social networking group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20090415/1c9bf1da/attachment.pgp>
More information about the ubuntu-server
mailing list