Survey: /root/ is world readable - did you know

Chanchao custom at freenet.de
Mon Apr 24 07:12:30 UTC 2006


On Mon, 2006-04-24 at 08:26 +0200, nodata wrote:

> I was surprised to learn that the super-users directory, /root/ is
> world-readable, anyone can read files in there.
> 
> Just a quick survey: did you realise this?

I never wondered about /root/ specifically, but I did realise that (and
indeed wondered why) a lot of the system files and logs are world
readable. 

Similarly, users' home folders are world readable by default, which I
frankly find even harder to understand.  It becomes even harder to
understand when you realize that for example Firefox bookmarks and
form-data history and browser-history files are world readable.  Like:
WHAT??  Do I want everyone to be able to read my bookmarks and browser
history?????????????  Same for Evolution.. WHAT?? (2) I completely
cannot believe this!

I think in Unix-derived OS's, 'security' seems to be limited to the
system itself.  We've discussed this before, how the system seems
bullet-proof protected, but very little stands in the way of
accidentally wiping out your own valuable and irreplaceable files, either
by yourself by mistake or through some trojan-horse type of program that
you run.

Good to note that Ubuntu is primarily used in a single user desktop type
environment, because security of user's home folders (including /root/,
indeed) is, err, absent.

Now that I thought about all this again I indeed realize that the
current situation is completely not acceptable, I will need to check how
to protect my home folder, and make sure that new files/folders by
default won't get '644'/'755'.  I recall this is some umask setting but
I don't remember where this is configured.  fstab perhaps?  Or can it be
set on a user level?  the default .profile?  Good example that shows
that Linux is still not easy. At least I have 'enough knowledge to be
dangerous', or to know where to start searching, key words like 'umask'
'permissions' 'chmod' and all.  

How about Edubuntu?  When you set that up as a family computer, does
Edubuntu keep the kids out of dad's porn-stash, or is it again a '755
open house galore free for all'?? 

Cheers,
Chanchao
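
The umask question raised in the post (how new files end up 644/755, and where that default is controlled) can be checked directly. The script below is an added example, not part of the original thread: it creates throwaway files under different umask values and reports the resulting modes, tests whether a directory is readable by "other", and shows the mitigation (removing the "other" bits on a home directory). It assumes GNU/BusyBox `stat -c %a` and a `mktemp -d` that works on the system; the directory it hardens is a temporary one it creates itself.

```shell
#!/bin/sh
# Added example (not from the original thread): what umask does to newly
# created files, and how to check and fix a world-readable home directory.

# new_modes UMASK -> prints "FILEMODE DIRMODE" for a file and a directory
# created while that umask is in effect. The subshell keeps the umask change
# local to this demonstration.
new_modes() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )
    printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
}

# world_readable PATH -> "yes" if the "other" read bit is set, else "no".
# find -perm -004 tests the mode bits themselves (POSIX), so the answer
# does not depend on who runs the check.
world_readable() {
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}

# harden_dir PATH -> strips read/write/execute for "other" on PATH and
# everything below it. This is the fix for a 755 home directory; it does
# not change owner or group bits.
harden_dir() {
    chmod -R o-rwx "$1"
}

# Demonstration: the three umask values most often seen in practice.
# 022 is the usual default and yields the 644/755 modes the post complains about.
for m in 022 027 077; do
    printf 'umask %s -> file/dir modes: %s\n' "$m" "$(new_modes "$m")"
done

# Check the current home directory, then show the fix on a scratch directory.
printf 'home %s world readable: %s\n' "${HOME:-/tmp}" "$(world_readable "${HOME:-/tmp}")"
scratch=$(mktemp -d)
chmod 755 "$scratch"                      # reproduce the 755 "open house" state
printf 'before: %s\n' "$(world_readable "$scratch")"
harden_dir "$scratch"
printf 'after:  %s\n' "$(world_readable "$scratch")"
rm -rf "$scratch"
```

The umask is a per-process attribute inherited from the login shell, so it is set per user in a startup file such as `~/.profile` (`umask 077` or `umask 027`), and the system-wide default comes from the login machinery rather than from `fstab`; the `umask=` mount option in `fstab` only applies to filesystems that carry no Unix permission bits of their own, such as vfat. Changing the umask only affects files created afterwards, which is why the `harden_dir` step is needed for an existing home directory.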
