Date:      Fri, 23 Feb 2001 07:10:02 -0800 (PST)
From:      "Michael C . Wu" <keichii@iteration.net>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/25301: default install allows other user visit directory /root
Message-ID:  <200102231510.f1NFA2789948@freefall.freebsd.org>

The following reply was made to PR misc/25301; it has been noted by GNATS.

From: "Michael C . Wu" <keichii@iteration.net>
To: davidx@viasoft.com.cn
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/25301: default install allows other user visit directory /root
Date: Fri, 23 Feb 2001 08:58:10 -0600

 On Fri, Feb 23, 2001 at 01:31:12AM -0800, davidx@viasoft.com.cn scribbled:
 | 
 | >Number:         25301
 | >Category:       misc
 | >Synopsis:       default install allows other user visit directory /root
 | >Confidential:   no
 | >Severity:       non-critical
 | >Priority:       low
 | >Responsible:    freebsd-bugs
 | >State:          open
 | >Quarter:        
 | >Keywords:       
 | >Date-Required:
 | >Class:          sw-bug
 | >Submitter-Id:   current-users
 | >Arrival-Date:   Fri Feb 23 01:40:01 PST 2001
 | >Closed-Date:
 | >Last-Modified:
 | >Originator:     David Xu
 | >Release:        FreeBSD-4.2 STABLE
 | >Organization:
 | viasoft
 | >Environment:
 | FreeBSD davidbsd.viasoft.com.cn 4.2-STABLE FreeBSD 4.2-STABLE #5: Thu Feb 22 11:39:34 CST 2001     root@davidbsd.viasoft.com.cn:/usr/src/sys/compile/xu  i386
 | >Description:
 | FreeBSD 4.2 default install can let other users visit directory /root.
 | I see it as a security risk. When I install smbfs from ports and put
 | smbfs passwd config file in /root, I found other users can steal my samba mount password, then I found /root can be visited by other users. A sad day.
 | 
 | The thing never happens in the Redhat Linux I have used; Redhat Linux by default does not allow other users to visit /root. I think FreeBSD should do it too.
 | 
 | Root is not a user, but a God; he has something he must not let people know.
 | 
 
 This is a problem that you as a user need to solve and set up correctly.
 You misconfigured your samba anyways.  Had you been more experienced,
 you would never be doing what you are trying to do.
 
 man chmod.  Redhat has the same behavior as FreeBSD for directory permissions.
 This is not a security risk.
 
 -- 
 +------------------------------------------------------------------+
 | keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
 | http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
 +------------------------------------------------------------------+
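
The permission interaction at issue in this PR, as an added example that is not part of the original message: a file in a directory such as /root is readable by other local users only when the directory grants "other" search permission and the file itself grants "other" read permission. The function names and the file name used in the comments are assumptions made for illustration.

```sh
#!/bin/sh
# Audit one directory (for example /root) for files that other local users
# can read. Both conditions must hold for a file to be exposed:
#   1. the directory grants search (x) to "other"  -> mode bit 0001
#   2. the file grants read (r) to "other"         -> mode bit 0004

# Succeeds when DIR itself grants search permission to "other".
dir_open_to_others() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0001 2>/dev/null)" ]
}

# Prints regular files directly inside DIR that grant read to "other".
files_readable_by_others() {
    find "$1" -maxdepth 1 -type f -perm -0004 2>/dev/null | sort
}

# Prints the files other users can actually reach and read; nothing if none.
exposed_files() {
    if dir_open_to_others "$1"; then
        files_readable_by_others "$1"
    fi
}

# Restricts DIR and one secrets FILE inside it to the owner only.
# Example (hypothetical file name): lock_down /root /root/smb-passwd.conf
lock_down() {
    chmod 700 "$1" && chmod 600 "$2"
}

# When run with a directory argument, report its exposed files.
if [ "$#" -gt 0 ]; then
    exposed_files "$1"
fi
```

Either change made by lock_down is enough on its own to stop the read; applying both keeps the file protected if one of the two modes is later loosened.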
