Survey: /root/ is world readable - did you know
custom at freenet.de
Mon Apr 24 07:12:30 UTC 2006
On Mon, 2006-04-24 at 08:26 +0200, nodata wrote:
> I was surprised to learn that the super-user's directory, /root/ is
> world-readable, anyone can read files in there.
> Just a quick survey: did you realise this?
I never wondered about /root/ specifically, but I did realise that (and
indeed wondered why) a lot of the system files and logs are world
Similarly, users' home folders are world readable by default, which I
frankly find even harder to understand. It becomes even harder to
understand when you realize that for example Firefox bookmarks and
form-data history and browser-history files are world readable. Like:
WHAT?? Do I want everyone to be able to read my bookmarks and browser
history????????????? Same for Evolution.. WHAT?? (2) I completely
cannot believe this!
I think in Unix-derived OSes, 'security' seems to be limited to the
system itself. We've discussed this before, how the system seems
bullet-proof protected, but very little stands in the way of
accidentally wiping out your own valuable and irreplaceable files, either
by yourself by mistake or through some trojan-horse type of program that
Good to note that Ubuntu is primarily used in a single user desktop type
environment, because security of users' home folders (including /root/,
indeed) is, err, absent.
Now that I thought about all this again I indeed realize that the
current situation is completely not acceptable, I will need to check how
to protect my home folder, and make sure that new files/folders by
default won't get '644'/'755'. I recall this is some umask setting but
I don't remember where this is configured. fstab perhaps? Or can it be
set on a user level? the default .profile? Good example that shows
that Linux is still not easy. At least I have 'enough knowledge to be
dangerous', or to know where to start searching, key words like 'umask'
'permissions' 'chmod' and all.
How about Edubuntu? When you set that up as a family computer, does
Edubuntu keep the kids out of dad's porn-stash, or is it again a '755
open house galore free for all'??
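
Added example, not part of the original post: shell functions showing how the umask produces the '644'/'755' defaults mentioned above, and how to find and remove world-readable access on files that already exist. The function names are hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes GNU stat and find.
# New files are created as 666 & ~umask, new directories as 777 & ~umask,
# so umask 022 gives 644/755 and umask 077 gives 600/700.

# mode_under_umask MASK KIND -> prints the octal mode a new file or dir gets
mode_under_umask() {
    mask=$1
    kind=$2
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"              # only affects this subshell
        if [ "$kind" = dir ]; then
            mkdir "$tmp/probe"
        else
            : > "$tmp/probe"
        fi
    )
    stat -c %a "$tmp/probe"
    rm -rf "$tmp"
}

# world_readable DIR -> lists entries under DIR whose "other" read bit is set
world_readable() {
    find "$1" -perm -004 -print 2>/dev/null
}

# lock_down DIR -> removes all group/other access below DIR.
# umask only applies to files created afterwards; existing ones need chmod.
lock_down() {
    chmod -R go-rwx "$1"
}

# Demonstration on throwaway temp files only; nothing in $HOME is touched.
for m in 022 077; do
    echo "umask $m: file $(mode_under_umask "$m" file)," \
         "dir $(mode_under_umask "$m" dir)"
done
# A per-user "umask 077" line is commonly placed in ~/.profile; whether a
# graphical session reads that file depends on the distribution (assumption).
```

Running `world_readable "$HOME"` before and after `lock_down "$HOME"` shows which existing files were exposed.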