Date:      Fri, 8 Sep 2000 17:50:06 -0400 (EDT)
From:      Matt Heckaman <matt@ARPA.MAIL.NET>
To:        Alan Batie <alan@batie.org>
Cc:        "Jonathan M. Slivko" <jslivko@coresync.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: Home Directories -- in the point of security?
Message-ID:  <Pine.BSF.4.21.0009081748360.36196-100000@epsilon.lucida.qc.ca>
In-Reply-To: <20000908144513.I4603@agora.rdrop.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 8 Sep 2000, Alan Batie wrote:
...
: Until someone leaves their .profile or .cshrc file writeable accidentally
: because they don't understand unix permissions or are tricked into it.
: Or someone guesses a file name.  Or many other scenarios.  The answer
: I chose is to put the web directory somewhere else (/home/web/<user>),
: reconfigure the web server and leave the user directories 700.

Exactly. That is why the umask is 027 (set by /etc/login.conf). So, for a
user to get unsafe permissions, they would have to go out of their way and
set the permission. There are no defaults that leave a file vulnerable to
the above with that setup. Since for it to fail, it depends on the user
manually modifying the file permissions. At that point, I step back since
they could just as easily do chmod 777 /usr/home/$user. :)

: -- 
: Alan Batie                   ______    www.rdrop.com/users/alan      Me
: alan@batie.org               \    /    www.qrd.org         The Triangle
: PGPFP DE 3C 29 17 C0 49 7A    \  /     www.pgpi.com   The Weird Numbers
: 27 40 A5 3C 37 4A DA 52 B9     \/      www.anti-spam.net       NO SPAM!

* Matt Heckaman   - mailto:matt@lucida.qc.ca  http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA  BFCF 74C3 2D31 C035 5390 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE5uV8PdMMtMcA1U5ARAnWGAJ9+mBkTQdlm19aO9Opj0LJGRb8zLwCg43in
vV/GdnGRMfN00sAWVShk7WQ=
=7r9D
-----END PGP SIGNATURE-----
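
An added example, not part of the original e-mail: a small audit for the failure modes the thread names (a group- or world-writable .profile/.cshrc, and a home directory opened up beyond 700), plus a check of what mode a new file gets under umask 027. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), auditing the setup from the thread.

# Mode string of a file created under umask $1, using scratch directory $2.
default_mode() {
    ( umask "$1"; : > "$2/probe.$$"
      ls -l "$2/probe.$$" | cut -c1-10; rm -f "$2/probe.$$" )
}

# Home directories under $1 that grant any access to group or other.
open_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        find "${d%/}" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Shell startup files under $1/<user>/ that group or other can write.
writable_dotfiles() {
    for f in "$1"/*/.profile "$1"/*/.cshrc; do
        [ -f "$f" ] || continue
        find "$f" \( -perm -020 -o -perm -002 \) -print
    done
}

# Constructed sample tree: alice keeps the defaults, bob has run chmod by hand.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/alice" "$base/bob"
    chmod 700 "$base/alice"; chmod 755 "$base/bob"
    ( umask 027; : > "$base/alice/.profile"; : > "$base/bob/.cshrc" )
    : > "$base/bob/.profile"; chmod 666 "$base/bob/.profile"
    echo "new file under umask 027: $(default_mode 027 "$base")"
    echo "homes open to group/other:"; open_homes "$base"
    echo "writable startup files:";    writable_dotfiles "$base"
    rm -rf "$base"
}
demo
```

On a real system the two audit functions take the directory that holds the home directories, for example `open_homes /usr/home`.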