Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Apr 2006 10:26:15 -0400 (EDT)
From:      Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To:        gabor.kovesdan@t-hosting.hu (=?ISO-8859-1?Q?K=F6vesd=E1n_G=E1bor?=)
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/95684: /root wrong permissions
Message-ID:  <200604131426.k3DEQFXA028275@clunix.cl.msu.edu>
In-Reply-To: <443E5B5A.7080506@t-hosting.hu>

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> Jerry McAllister wrote:

 . . .

> > The following reply was made to PR misc/95684; it has been noted by GNATS.
> >  > 
> >  > 
> >  > with standard installation of FBSD 5.4 Released or 6.0 Released from CD-ROM,
> >  > you have after install process a wrong permission of /root.
> >  > It is 0755, but it should be 0700.
> >  > I see this as an Security hole.
> >  
> >  I was just able to look back as far as FreeBSD 3.2 - as far back as 
> >  I have anything handy running and they all have "/" set to 755.
> >  
> >  I don't understand why it should be 0700. 
> >  
> >  If you did that, no person could do an ls or get to directories under
> >  root.   The 755 setting does not allow group or world to write to root,
> >  just get to the necessary things in it.
> >  
> >  
> I think you misunderstood the problem of the submitter. He meant 
> "/root", the home of the root user, not the root filesystem "/".

Ah, you are probably right about that.

It is a little different, but really, 755 is the standard permissions 
for a home directory, so is it significant?   There is normally nothing
of consequence in the /root directory and probably shouldn't be.  Unless
you do something else, it just has a few dot files for shells, etc.

You shouldn't be using the actual 'root' account for logins or much
of anything anyway.   When[if] I create a root account, eg another account
with '0' UID, I normally make a directory within /root to be its home
directory and can set its permissions any way I want if I feel the
need.   So, I don't see this as any security weakness.

////jerry

> 
> Gabor Kovesdan
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604131426.k3DEQFXA028275>