Date: Fri, 23 Feb 2001 01:31:12 -0800 (PST)
From: davidx@viasoft.com.cn
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/25301: default install allows other user visit directory /root
Message-ID: <200102230931.f1N9VCF47928@freefall.freebsd.org>

>Number: 25301
>Category: misc
>Synopsis: default install allows other user visit directory /root
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 23 01:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: David Xu
>Release: FreeBSD-4.2 STABLE
>Organization:
viasoft
>Environment:
FreeBSD davidbsd.viasoft.com.cn 4.2-STABLE FreeBSD 4.2-STABLE #5: Thu Feb 22 11:39:34 CST 2001 root@davidbsd.viasoft.com.cn:/usr/src/sys/compile/xu i386
>Description:
FreeBSD 4.2 default install can let other users visit directory /root.
I see it as a security risk. When I install smbfs from posts and put
smbfs passwd config file in /root, I found other users can steal my
samba mount password, then I found /root can be visited by other users.
A sad day. The thing never happens in Redhat Linux I ever used; Redhat
Linux default does not allow other users to visit /root. I think FreeBSD
should do it too. root is not a user, but a God; he has something he must
not let people know.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
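
Added example, not part of the original problem report or of FreeBSD: a POSIX sh audit for the exposure described above, a home directory that other users can enter together with files inside it that they can read. The function names are hypothetical, only mode bits are checked (no ACLs or file flags), and the chmod values in the closing comment are an assumption, since the report's Fix field is empty.

```shell
#!/bin/sh
# Added example: audit a directory for the exposure the report describes.
# Looks at permission bits only; ACLs and file flags are not considered.

# dir_open_to_others DIR -> exit 0 if "other" has read or search on DIR
dir_open_to_others() {
    # -prune keeps find on DIR itself; -perm -NNN matches when those bits are set
    [ -n "$(find "$1" -prune \( -perm -001 -o -perm -004 \) -print 2>/dev/null)" ]
}

# files_readable_by_others DIR -> print regular files under DIR with o+r set
files_readable_by_others() {
    find "$1" -type f -perm -004 -print 2>/dev/null
}

# audit_home DIR -> print a verdict, list exposed files, return 1 if exposed
audit_home() {
    if dir_open_to_others "$1"; then
        echo "EXPOSED: $1 can be listed or entered by other users"
        files_readable_by_others "$1" | sed 's/^/  readable by others: /'
        return 1
    fi
    echo "OK: $1 is closed to other users"
    return 0
}

# Run against a directory given on the command line, e.g.: sh audit.sh /root
if [ $# -gt 0 ]; then
    audit_home "$1"
fi

# Remediation this check implies (assumption, not taken from the report):
#   chmod 700 /root                 # owner-only access to the directory
#   chmod 600 /root/<password file> # owner-only access to the credential file
```

Closing the directory alone hides files from casual browsing; a credential file should also carry owner-only permissions so that it stays protected if the directory mode is later loosened.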