Date:      Fri, 31 Jan 2020 17:13:47 +0100
From:      Lars Engels <lme@freebsd.org>
To:        "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc:        Wojciech Puchar <wojtek@puchar.net>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Gordon Bergling <gbergling@googlemail.com>, Ryan Stone <rysto32@gmail.com>
Subject:   Re: More secure permissions for /root and /etc/sysctl.conf
Message-ID:  <20200131161347.GA33086@e.0x20.net>
In-Reply-To: <202001311025.00VAPZts072995@gndrsh.dnsmgr.net>
References:  <alpine.BSF.2.20.2001310910280.59314@puchar.net> <202001311025.00VAPZts072995@gndrsh.dnsmgr.net>

On Fri, Jan 31, 2020 at 02:25:35AM -0800, Rodney W. Grimes wrote:
> > >>> I don't see the point in making this change to sysctl.conf.  sysctls
> > >>> are readable by any user.  Hiding the contents of sysctl.conf does not
> > >>> prevent unprivileged users from seeing what values have been changed
> > >>> from the defaults; it merely makes it more tedious.
> > >> true. but /root should be root only readable
> > >
> > > Based on what?  What security does this provide to what part of the system?
> > based on common sense
> 
> Whose common sense, as mine and some others say this is an unneeded
> change with no technical merit.
> 
> You have provided no technical reasons for your requested change,
> yet others have presented technical reasons to not make it,
> so to try and base a support position on "common sense" is kinda moot.
> 
> We actually discussed this at dinner tonight and no one could come up
> with a good reason to lock /root down in such a manner unless someone
> was storing stuff in /root that should probably not really be stored
> there.  I.e., there is a bigger problem than chmod 750 /root is going to
> fix.

/root can store config files and shell history with confidential
information.

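A defender's check for the concern raised in this reply, added here as an example that is not code from the thread or from FreeBSD: a POSIX sh function that lists entries under a home directory whose mode bits let group or others read them (shell history, dotfiles holding tokens), which is the inventory one would want before deciding whether chmod 750 on the directory is the right fix. The directory and file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. Lists every entry
# under a home directory whose permission bits let group or others read it,
# so history files and dotfiles holding secrets are found before deciding
# whether tightening the directory itself is the right fix.
# Only mode bits are checked; ACLs, if present, are not considered.

# Print (sorted) each path under $1 with the group-read (040) or
# other-read (004) bit set. 'find -perm -MODE' matches when all bits in
# MODE are set, so two tests joined by -o cover both cases.
audit_home_perms() {
    find "$1" \( -perm -040 -o -perm -004 \) -print | sort
}

# Number of such entries; non-zero is the condition a cron job would flag.
count_readable() {
    audit_home_perms "$1" | wc -l | tr -d ' '
}

# Demonstration on a constructed throwaway directory, never a real /root.
# Runs in a subshell so the umask change does not leak to the caller.
demo() (
    umask 077                      # new files are created 0600 here
    home=$(mktemp -d)
    chmod 700 "$home"              # directory itself is not readable
    printf 'export API_TOKEN=example-not-real\n' > "$home/.profile"
    printf 'mysql -u root -pexample-not-real\n' > "$home/.sh_history"
    chmod 644 "$home/.sh_history"  # the mistake: history left world-readable
    echo "readable entries: $(count_readable "$home")"   # prints 1
    audit_home_perms "$home"                             # only .sh_history
    rm -rf "$home"
)

demo
```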