Date: Thu, 30 Jan 2020 13:19:49 -0800 (PST) From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> To: Wojciech Puchar <wojtek@puchar.net> Cc: Ryan Stone <rysto32@gmail.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Gordon Bergling <gbergling@googlemail.com> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <202001302119.00ULJn4Q070746@gndrsh.dnsmgr.net> In-Reply-To: <alpine.BSF.2.20.2001301035500.32668@puchar.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > On Wed, 29 Jan 2020, Ryan Stone wrote: > > > On Wed, Jan 29, 2020 at 4:26 AM Gordon Bergling via freebsd-hackers > > <freebsd-hackers@freebsd.org> wrote: > >> > >> Hi, > >> > >> I recently stumbled upon the default world readable permissons of /root and > >> /etc/sysctl.conf. I think that it would be more secure to reduce the default > >> permission for /root to 0700 and to 0600 for /etc/sysctl.conf. > > > > I don't see the point in making this change to sysctl.conf. sysctls > > are readable by any user. Hiding the contents of sysctl.conf does not > > prevent unprivileged users from seeing what values have been changed > > from the defaults; it merely makes it more tedious. > true. but /root should be root only readable Based on what? What security does this provide to what part of the system? Why should it not also be group wheel readable? Why should a member of wheel have to su to ls /root? -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001302119.00ULJn4Q070746>