From: Steffen Nurpmeso
To: Lars Engels
Cc: "Rodney W. Grimes", FreeBSD Hackers, Gordon Bergling, Ryan Stone, Wojciech Puchar
Date: Fri, 31 Jan 2020 19:17:00 +0100
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
Message-ID: <20200131181700.Sn-C1%steffen@sdaoden.eu>
In-Reply-To: <20200131161347.GA33086@e.0x20.net>

Lars Engels wrote in <20200131161347.GA33086@e.0x20.net>:
|On Fri, Jan 31, 2020 at 02:25:35AM -0800, Rodney W. Grimes wrote:
|>>>>> I don't see the point in making this change to sysctl.conf. sysctls
|>>>>> are readable by any user. Hiding the contents of sysctl.conf does not
|>>>>> prevent unprivileged users from seeing what values have been changed
|>>>>> from the defaults; it merely makes it more tedious.
|>>>> true. but /root should be root only readable
|>>>
|>>> Based on what? What security does this provide to what part of the system?
|>> based on common sense
|>
|> Whose common sense, as mine and some others say this is an unneeded
|> change with no technical merit.
|>
|> You have provided no technical reasons for your requested change,
|> yet others have presented technical reasons to not make it,
|> so to try and base a support position on "common sense" is kinda moot.
|>
|> We actually discussed this at dinner tonight and no one could come up
|> with a good reason to lock /root down in such a manner unless someone
|> was storing stuff in /root that should probably not really be stored
|> there. I.e., there is a bigger problem than chmod 750 /root is going to
|> fix.
|
|/root can store config files and shell history with confidential
|information.

Absolutely. My own /root is in fact shared in between many systems,
and many scripts from /etc/ reach into /root/$HOSTNAME/, with some
generics in /root/. Practically all of that is Linux though.
But it is very nice, since I can share very, very much, and even
the hostname= comes from kernel command line parameter, and
multiplexes to entirely different setups. efibootmgr is cool, by
the way.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
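
The question debated in the thread, what a user outside root's owner and group can actually read under /root, depends on both the directory mode and each file's own mode. The following POSIX sh audit is an added example, not part of the original messages; the function names and the sample tree (file names and modes) are constructed for illustration, and ACLs and MAC policy are not considered.

```shell
#!/bin/sh
# Added example (not from the thread). Lists regular files under a directory
# that a user outside the owner and group ("other") can read. A file is
# reachable only if every directory on the way grants other search (o+x) AND
# the file itself grants other read (o+r).

# exposed_files DIR: print other-readable files, skipping every subtree
# (including DIR itself) that other cannot enter.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# make_sample_tree: build a constructed stand-in for /root in a temp dir
# and print its path. File names and modes are illustrative only.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/root" "$t/root/.ssh"
    : > "$t/root/.history";    chmod 644 "$t/root/.history"     # readable by other
    : > "$t/root/.netrc";      chmod 600 "$t/root/.netrc"       # owner only
    : > "$t/root/.ssh/config"; chmod 644 "$t/root/.ssh/config"  # hidden by its parent
    chmod 700 "$t/root/.ssh"
    chmod 755 "$t/root"
    printf '%s\n' "$t/root"
}

if [ "$#" -gt 0 ]; then
    exposed_files "$1"                      # audit a real directory, e.g. /root
else
    d=$(make_sample_tree)
    echo "directory mode 755:"
    exposed_files "$d"                      # lists only .../root/.history
    chmod 750 "$d"
    echo "directory mode 750:"
    exposed_files "$d"                      # lists nothing
    rm -rf "${d%/root}"
fi
```

Mode 711 on the directory still exposes a mode 644 file with a predictable name such as a shell history, because search permission alone is enough to open a file by name.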