Date: Wed, 29 Jan 2020 13:34:38 -0800 (PST)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To: Gordon Bergling <gbergling@googlemail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
Message-ID: <202001292134.00TLYce8066112@gndrsh.dnsmgr.net>
In-Reply-To: <20200129092631.GA22505@lion.0xfce3.net>

> Hi,
>
> I recently stumbled upon the default world readable permissions of /root and
> /etc/sysctl.conf. I think that it would be more secure to reduce the default
> permission for /root to 0700 and to 0600 for /etc/sysctl.conf.

Those values are overkill, you really want to stop group wheel from
reading these? At most they should be 0750 and 0640, and even that
seems overboard. If you're storing highly secure stuff in /root you're
probably doing something wrong anyway.

This appears to be security through obscurity based conservatism with
no given attack vector of some form. Others have made good points as
well.

This also appears to be changing a default that would lead to many
people unchanging it simply so a few that do change it can impose
their defaults.

>
> I prepared a differential for the proposed change:
> https://reviews.freebsd.org/D23392
>
> What do you think? Bad idea?
>
> Best regards,
>
> Gordon

-- 
Rod Grimes                                                 rgrimes@freebsd.org