Your Distro is Insecure: Ubuntu

Karl Goetz karl at
Wed Apr 15 01:00:37 UTC 2009

On Tue, 14 Apr 2009 12:27:31 -0700
Kees Cook <kees at> wrote:

> On Tue, Apr 14, 2009 at 08:58:58PM +0200, Ante Karamati?? wrote:
> > If we opt for 0700 on home directory, we should make sure everything
> > else works. As people already said, 0700 permission of home
> > directories don't make your data secure. Closest thing to usable
> > secure data is crypted home directory, which thanks to Dustin, we
> > provide.
> When discussed at the last UDS, the decision was to create a 0700
> ~/Private directory, but it was never added to xdg-user-dirs.  I'm
> hoping to see that fixed in Karmic.
> As for 0700, that will be ~/public_html/.  It doesn't need read, but
> it does need exec.

It doesn't need read on $HOME, but I'm pretty sure it needs it on

> > And this is EOD from me on this article. I'm in favour of starting a
> > discussion about possibilities to change default permissions for
> > home directories.
> This discussion has already happened.  The solution is education, or
> if it's really that important, a debconf question for configuring
> /etc/adduser.conf.

Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian user / gNewSense contributor
No, I won't join your social networking group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the ubuntu-server mailing list