Date: Fri, 14 Jan 2000 01:40:27 +1100 (EST)
From: Sue Blake <sue@sblake.comcen.com.au>
To: FreeBSD-gnats-submit@freebsd.org
Subject: misc/16102: root's home directory is too open
Message-ID: <200001131440.BAA01595@sblake.comcen.com.au>
>Number: 16102
>Category: misc
>Synopsis: root's home directory is too open
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 13 06:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Sue Blake
>Release: FreeBSD 3.4-STABLE i386
>Organization:
>Environment:
>Description:
Anyone can roam around in root's home directory and look at rootly files.
That's not nice. This directory seems to have been grouped with a bunch
of publicly accessible directories when the permissions were assigned.
>How-To-Repeat:
user@large$ ls -la /root
total 21
drwxr-xr-x 2 root wheel 512 Jan 14 01:34 .
drwxr-xr-x 18 root wheel 512 Jan 14 00:13 ..
-rw------- 1 root wheel 111 Jan 13 19:36 .bash_history
-rw-r--r-- 2 root wheel 403 Sep 17 08:49 .cshrc
-rw------- 1 root wheel 61 Jan 13 19:36 .history
-rw-r--r-- 1 root wheel 146 Sep 17 08:49 .klogin
-rw-r--r-- 1 root wheel 559 Sep 17 08:49 .login
-rw-r--r-- 2 root wheel 255 Sep 17 08:49 .profile
-rw-r--r-- 1 root wheel 11284 Jan 14 01:34 crackers.list
-rw-r--r-- 1 root wheel 403 Jan 14 01:34 loveletter.txt
>Fix:
The following trivial patch is intended to restrict access to root only.
Maybe 750 could be justified.
--- BSD.root.dist.orig Thu Jan 13 11:14:06 2000
+++ BSD.root.dist Fri Jan 14 01:14:49 2000
@@ -55,9 +55,9 @@
..
modules
..
- proc mode=0555
+ root mode=0700
..
- root
+ proc mode=0555
..
sbin
..
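Review bot: Around the `root` entry, the patch swaps the order of `proc` and `root` as well as adding the mode, so `root` now sits before `proc` while the neighbouring entries (`modules`, `sbin`) suggest the list is kept alphabetical. The reorder is not needed for the fix; leaving `proc mode=0555` where it is and changing only the `root` line to `root mode=0700` gives a one-line diff that is easier to audit. It would also help to state why 0700 was chosen over the 750 mentioned as an alternative: the listing shows the directory owned by group wheel, and the files inside it that are mode 0644 (.cshrc, .klogin, .login, .profile, crackers.list, loveletter.txt) would stay readable by that group under 750.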
>Release-Note:
>Audit-Trail:
>Unformatted:
