Date: Fri, 8 Sep 2000 17:50:06 -0400 (EDT)
From: Matt Heckaman <matt@ARPA.MAIL.NET>
To: Alan Batie <alan@batie.org>
Cc: "Jonathan M. Slivko" <jslivko@coresync.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Home Directories -- in the point of security?
Message-ID: <Pine.BSF.4.21.0009081748360.36196-100000@epsilon.lucida.qc.ca>
In-Reply-To: <20000908144513.I4603@agora.rdrop.com>
On Fri, 8 Sep 2000, Alan Batie wrote:

...

: Until someone leaves their .profile or .cshrc file writeable accidentally
: because they don't understand unix permissions or are tricked into it.
: Or someone guesses a file name. Or many other scenarios. The answer
: I chose is to put the web directory somewhere else (/home/web/<user>),
: reconfigure the web server and leave the user directories 700.

Exactly. That is why the umask is 027 (set by /etc/login.conf). So, for a
user to get unsafe permissions, they would have to go out of their way and
set the permission. There are no defaults that leave a file vulnerable to
the above with that setup, since for it to fail, it depends on the user
manually modifying the file permissions. At that point, I step back, since
they could just as easily do chmod 777 /usr/home/$user. :)

: --
: Alan Batie ______ www.rdrop.com/users/alan Me
: alan@batie.org \ / www.qrd.org The Triangle
: PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers
: 27 40 A5 3C 37 4A DA 52 B9 \/ www.anti-spam.net NO SPAM!

* Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *
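An added check, not part of this thread, for the situation the reply describes: it builds a constructed home tree under umask 027 (the mode /etc/login.conf would impose) and flags any login script that a user has loosened by hand to group- or world-writable. The startup file names checked, the sample user names and the temporary tree are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: audit the shell startup files in a
# home directory for the group/world-writable modes the reply warns about.
# File names (.profile, .cshrc, ...) and the sample users are constructed.

# Print a file's permission bits in octal; GNU and BSD stat differ in syntax.
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Print "path mode" for every login script under $1 that is writable by
# group (020) or others (002). Prints nothing when every file is safe.
unsafe_startup_files() {
    home="$1"
    for f in .profile .cshrc .login .shrc .bashrc; do
        [ -f "$home/$f" ] || continue
        if [ -n "$(find "$home/$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "$home/$f $(file_mode "$home/$f")"
        fi
    done
}

# Demo: alice's home is populated under umask 027 (files 640, dirs 750);
# bob's too, but bob then ran chmod by hand and loosened .cshrc to 664.
demo() {
    tmp=$(mktemp -d) || return 1
    (umask 027; mkdir "$tmp/alice"; : > "$tmp/alice/.profile"; : > "$tmp/alice/.cshrc")
    (umask 027; mkdir "$tmp/bob"; : > "$tmp/bob/.profile"; : > "$tmp/bob/.cshrc"
     chmod 664 "$tmp/bob/.cshrc")
    for u in alice bob; do
        echo "== $u (dir $(file_mode "$tmp/$u"), .profile $(file_mode "$tmp/$u/.profile"))"
        unsafe_startup_files "$tmp/$u"    # only bob's .cshrc is reported
    done
    rm -rf "$tmp"
}

demo
```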