Date:      Fri, 31 Jan 2020 02:25:35 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To:        Wojciech Puchar <wojtek@puchar.net>
Cc:        "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Gordon Bergling <gbergling@googlemail.com>, Ryan Stone <rysto32@gmail.com>
Subject:   Re: More secure permissions for /root and /etc/sysctl.conf
Message-ID:  <202001311025.00VAPZts072995@gndrsh.dnsmgr.net>
In-Reply-To: <alpine.BSF.2.20.2001310910280.59314@puchar.net>

> >>> I don't see the point in making this change to sysctl.conf.  sysctls
> >>> are readable by any user.  Hiding the contents of sysctl.conf does not
> >>> prevent unprivileged users from seeing what values have been changed
> >>> from the defaults; it merely makes it more tedious.
> >> true. but /root should be root only readable
> >
> > Based on what?  What security does this provide to what part of the system?
> based on common sense

Whose common sense, as mine and some others say this is an unneeded
change with no technical merit.

You have provided no technical reasons for your requested change,
yet others have presented technical reasons to not make it,
so to try and base a support position on "common sense" is kinda moot.

We actually discussed this at dinner tonight and no one could come up
with a good reason to lock /root down in such a manner unless someone
was storing stuff in /root that should probably not really be stored
there.  I.e., there is a bigger problem than chmod 750 /root is going to
fix.


-- 
Rod Grimes                                                 rgrimes@freebsd.org


