Date: Thu, 4 Jun 2020 16:04:20 +0000 (UTC)
From: Conrad Meyer <cem@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r361791 - head/etc/mtree
Message-ID: <202006041604.054G4KAb098395@repo.freebsd.org>
Author: cem Date: Thu Jun 4 16:04:19 2020 New Revision: 361791 URL: https://svnweb.freebsd.org/changeset/base/361791 Log: Restrict default /root permissions Remove world-readability from the root directory. Sensitive information may be stored in /root and we diverge here from normative administrative practice, as well as installation defaults of other Unix-alikes. The wheel group is still permitted to read the directory. 750 is no more restrictive than defaults for the rest of the open source Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD, OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a world-readable /root by default. Submitted by: Gordon Bergling <gbergling AT gmail.com> Reviewed by: ian, myself Discussed with: emaste (informal approval) Relnotes: sure? Differential Revision: https://reviews.freebsd.org/D23392 Modified: head/etc/mtree/BSD.root.dist Modified: head/etc/mtree/BSD.root.dist ============================================================================== --- head/etc/mtree/BSD.root.dist Thu Jun 4 14:44:44 2020 (r361790) +++ head/etc/mtree/BSD.root.dist Thu Jun 4 16:04:19 2020 (r361791) @@ -117,7 +117,7 @@ .. rescue .. - root + root mode=0750 .. sbin ..
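Review bot: The "root mode=0750" entry sets only the mode, so which group keeps read and search access is decided by the /set defaults earlier in BSD.root.dist, which this hunk does not show. The log message depends on wheel retaining access; consider writing gname=wheel on the entry itself, or confirming the inherited default in the review, so that the intent survives a later change to those defaults. A one-line comment above the entry explaining why it departs from the default mode used by its neighbours ("rescue", "sbin") would also help the next reader of the file.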