[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] about cd .. command can change home directory up to root server
- Subject: Re: [cobalt-security] about cd .. command can change home directory up to root server
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Sep 2001 18:25:41 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> > Welcome to the multi-user unix world.
>
> Ah, that's not entirely correct. On a properly installed Unix or Linux this
> will not happen. There the directories /etc and /root and a few others are
> not readable by regular users who all belong to the group user. But when the
> Cobalt OS was developed Cobalt sidestepped this security measure for a couple
> of obscure reasons.
I'm on a Raq3 at the moment, and root's home directory is set to 700 - I
believe it was like this when I got it, though I may have changed it
myself =).
More importantly, though, in my opinion, setting /etc to be readable only
by root is one heck of a bad idea. Not all of the files in /etc are
intended to be only read by root - it's a general dumping ground for
various configurations ... and I hate to think how much stuff would break
if you made things like /etc/passwd to be mode 700 - part of the reasoning
behind having a seperate file for shadow passwords is so that /etc/passwd
is always world readable.
Having said that, there's no reason why you shouldn't make some of the
stuff in /etc/passwd to be root only readable, but it's worth being
careful!
Cheers,
John