Survey: /root/ is world readable - did you know
Adam Conrad
adconrad at ubuntu.com
Mon Apr 24 13:40:06 UTC 2006
Chanchao wrote:
>
> ~/.mozilla is 755 for me? This is on my laptop (Dapper), I'll check
> again at home to see what it is there.
That's bizarre, and not something I've seen anywhere else, TBH.
>> Same argument for evolution, though in this case, it seems to keep
>> private data in a few locations, but none seem to be world-readable here.
>
> Also 755 here. Will check again on another Dapper install.
Yes, ~/.evolution is 755, but some sub-directories (where the "private"
data lives) are 700, as is ~/.gnome2_private, where most GNOMEish apps
are likely to stuff sensitive things like passwords.
> I guess that wouldn't be the first time. :) I do have the feeling that
> in the Unix (Linux) world, there's too much focus on keeping the system
> stable, but very little focus on protecting user data. This makes sense
> for large multi users systems, but for home desktop use, the system can
> be re-installed in minutes, whereas user files may be completely
> irreplaceable.
Sure, but aside from encouraging you to make backups, how do you propose
that I prevent you from accessing and harming your own data without you
getting angry with me for doing so?
The UNIX world traditionally focuses on these things:
1) You should never be able to read something that is critical to the
security of the system or another user. See 0700 shell histories,
password files, etc.
2) Users likely want to be able to easily share their (non-sensitive)
junk with other people. See 0755 home directories. If you disagree
with this (and you obviously do), you can change it. Many of us grew up
in friendly UNIX land, use multi-user systems where we share stuff
constantly, and rather like this paradigm.
3) You shouldn't ever be able to delete or alter anything that someone
else created unless they give you explicit permission to do so.
4) You should be able to do whatever you like to your own files, because
they're yours. This includes deleting them, running them through a
character randomizer, or even backing them up.
... Adam
More information about the ubuntu-users
mailing list