Date: Wed, 18 Apr 2001 20:02:06 +0300
From: Peter Pentchev
To: Mikhail Kruk
Cc: Victor Ivanov, freebsd-security@FreeBSD.ORG
Subject: Re: /root and users home dir permissions

CC'd to -arch, although I guess most of the people interested are
already on -security anyway..

On Wed, Apr 18, 2001 at 11:27:42AM -0400, Mikhail Kruk wrote:
> > Hi all,
> >
> > I noticed /root is installed with mode=0755 (and updated every time by
> > installworld). It's the root home directory... some admins (like me) are
> > using it for keeping sensitive data away from regular users. Shouldn't it
> > be mode=0700 in /etc/mtree/BSD.root.dist?
>
> I don't think changes like this can be made all of a sudden. Some people
> might be using /root for something which requires it to be readable and we
> don't want to break things...
>
> > Also, when adding new users their home directories should be protected the
> > same way. Am I wrong?
>
> I strongly agree with that. This change seems to be ok in terms of
> breaking existing systems and people have no business in other users'
> directories.

OK, I think Victor shall cede the /root case - after all, we're all free
to make local mods to the mtree files and all, right? :)

About adduser.. what do people think about the attached patch?
Or should that ugly regexp also check for numeric modes?

G'luck,
Peter

--
This sentence contains exactly threee erors.

Index: src/usr.sbin/adduser/adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.45 diff -u -r1.45 adduser.perl --- src/usr.sbin/adduser/adduser.perl 2001/04/17 09:42:07 1.45 +++ src/usr.sbin/adduser/adduser.perl 2001/04/18 16:59:19 @@ -39,6 +39,7 @@ $config_read = 1; # read config file $logfile = "/var/log/adduser"; # logfile $home = "/home"; # default HOME + $home_perm = "u+wrX,go-w"; # default permissions on HOME $etc_shells = "/etc/shells"; $etc_passwd = "/etc/master.passwd"; $group = "/etc/group"; @@ -219,6 +220,33 @@ return 0; } +# return the default permissions' string for HOME +sub home_permissions { + local($perm) = @_; + local($p) = $perm; + + return $p if !$verbose && $p eq &home_permissions_valid($p); + + while(1) { + $p = &confirm_list("Enter your default HOME permissions:", 1, $perm, ""); + last if $p eq &home_permissions_valid($p); + } + + $changes++ if $p ne $perm; + return $p; +} + +# check for valid permissions +sub home_permissions_valid { + local($perm) = @_; + + if ($perm =~ /^((([ugo]+[+-][rwxX]+),?)+)/) { + return $1; + } else { + return ""; + } +} + # check for valid passwddb sub passwd_check { system("$pwd_mkdb -C $etc_passwd"); @@ -939,16 +967,17 @@ if (!mkdir("$homedir", 0755)) { warn "$dir: $!\n"; return 0; } - system 'chown', "$name:$group", $homedir; + system("chmod", "$home_perm", "$homedir"); + system("chown", "$name:$group", "$homedir"); return !$?; } # copy files from $dotdir to $homedir # rename 'dot.foo' files to '.foo' print "Copy files from $dotdir to $homedir\n" if $verbose; - system("cp -R $dotdir $homedir"); - system("chmod -R u+wrX,go-w $homedir"); - system("chown -R $name:$group $homedir"); + system("cp", "-R", "$dotdir", "$homedir"); + system("chmod", "-R", "$home_perm", "$homedir"); + system("chown", "-R", "$name:$group", "$homedir"); # security opendir(D, $homedir); 
@@ -1332,6 +1361,9 @@ # default HOME directory ("/home") home = "$home" +# default permissions on HOME ("u+wrX,go-w") +home_perm = "$home_perm"; + # List of directories where shells located # path = ('/bin', '/usr/bin', '/usr/local/bin') path = ($shpath) @@ -1391,6 +1423,7 @@ &shells_add; # maybe add some new shells $defaultshell = &shell_default; # enter default shell $home = &home_partition($home); # find HOME partition +$home_perm = &home_permissions($home_perm); # set HOME permissions $dotdir = &dotdir_default; # check $dotdir $send_message = &message_default; # send message to new user $defaultpasswd = &password_default; # maybe use password
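
Review bot: In the defaults block (hunk @@ -39,6 +39,7 @@), the new default `$home_perm = "u+wrX,go-w"` only strips group/other write, and the later hunk still creates the directory with `mkdir("$homedir", 0755)`, so a home directory created with the default stays readable and searchable by every user. If the goal from the thread is that new home directories are protected out of the box, consider a default such as `u+rwX,go-rwx`; otherwise say in the comment next to the variable that the default keeps the previous behaviour and has to be tightened in the config.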
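
Review bot: In hunk @@ -219,6 +220,33 @@, `home_permissions_valid` returns "" for a rejected string while both call sites test `$p eq &home_permissions_valid($p)`, so an empty `$p` compares equal to the failure value and is accepted as valid. Return a distinct true/false result (or require a non-empty match) and anchor the pattern with `$` rather than relying on the `eq` against the matched prefix. As written the pattern also accepts a trailing comma and rejects `a`, `=` and numeric modes; if numeric modes are wanted, an alternative such as `[0-7]{3,4}` would cover them.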
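
Review bot: In the mkdir branch of hunk @@ -939,16 +967,17 @@, `return !$?` only reflects the `chown` that runs last, so a failed `chmod` with `$home_perm` goes unnoticed and the directory keeps the 0755 from `mkdir`. Check the result of each `system()` call and warn or return 0 on failure; the recursive `cp`, `chmod` and `chown` further down are unchecked as well. The switch to list-form `system()` is worth keeping, since it keeps `$homedir` and `$name` out of the shell.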
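
Review bot: In the config template (hunk @@ -1332,6 +1361,9 @@), the generated line `home_perm = "$home_perm";` ends with a semicolon, unlike the neighbouring `home = "$home"` and `path = ($shpath)` entries. Drop the semicolon for consistency, or confirm that the config reader tolerates it.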