Re: lynx-dev Re: who owns what
From: David Woolley
Subject: Re: lynx-dev Re: who owns what
Date: Sat, 10 Oct 1998 11:52:18 +0100 (BST)
>
> this is the result of ksh pathto $HOME :
>
> drwxr-xr-x 32 root sys 1024 Sep 30 12:28 /
> lrwxr-xr-x 1 root sys 13 Jul 13 1995 /homes -> var/adm/homes
> drwxr-xr-x 32 root sys 1024 Sep 30 12:28 /
> drwxr-xr-x 32 root sys 512 Sep 25 07:28 /var
> drwxr-xr-x 12 adm adm 512 Oct 6 20:26 /var/adm
                ^^^
This might well cause some security sensitive software to consider the
home directory unsafe, as the normal rule would be not-writeable to,
or owned by, anyone except the actual user or root. Because of common,
but probably nowadays unsafe, usage, bin might be accepted as an alternative
to root.

It looks like someone has been shoe-horning directories into whatever
filesystem would take them and hasn't thought of the ownership consequences.
> drwxr-xr-x 2 root sys 99328 Oct 9 09:09 /var/adm/homes
                        ^^^^^
This is big, and might cause performance problems, although the current users'
path information will probably be cached. Most people would split the
directory up, which seems to be the purpose of the u7 part in
the homefs form of the directory name.

I guess there may be an NFS mount somewhere here, but the obvious thing
would have been to put /homefs/u7/purslow directly into the passwd file.
> lrwxr-xr-x 1 root sys 18 Mar 5 1998
> /var/adm/homes/purslow -> /homefs/u7/purslow
> drwxr-xr-x 32 root sys 1024 Sep 30 12:28 /
> drwxr-xr-x 29 root sys 512 Aug 25 23:41 /homefs
> drwxr-xr-x 32 root sys 512 Oct 8 12:19 /homefs/u7
> drwx--x--x 9 purslow user 512 Oct 9 07:53 /homefs/u7/purslow
  ^^^^^^^^^^
Someone has already commented that this allows access to known filenames.
Most default home directory setups are 755, from the days when Unix was
used by cooperating workgroups. It is possible that this has been done
to give a system daemon access to one of your . files, without giving
directory listing permission to everyone. It is probably better to
have 755 on the home directory and reserve 700 for secure subdirectories.
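
The ownership rule described in the message above, as an added example (not part of the original post, and not the code of any program mentioned in the thread): a checker that tests every directory on the way to a home directory and restarts from / at each symbolic link, as the quoted listing does. The function names and the default of trusting only uid 0 are assumptions of this example.

```python
import os
import stat
import sys

def check_component(st_uid, st_mode, user_uid, trusted_uids=(0,)):
    """Apply the rule from the message to one directory: it must be owned by
    the user or a trusted uid (root only by default; adding bin's uid is the
    legacy exception) and must not be writable by group or other."""
    problems = []
    if st_uid != user_uid and st_uid not in trusted_uids:
        problems.append("owned by uid %d" % st_uid)
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/other writable")
    return problems

def walk(path, user_uid, trusted_uids=(0,), depth=0):
    """Check every directory from / down to path. On a symlink, restart from /
    on the link target, so directories reached only through links (such as
    /var/adm in the listing) are checked too."""
    if depth > 16:
        raise OSError("too many levels of symbolic links: " + path)
    findings = []
    parts = [p for p in os.path.abspath(path).split("/") if p]
    cur = "/"
    for i, part in enumerate([""] + parts):
        cur = os.path.join(cur, part)
        st = os.lstat(cur)
        if stat.S_ISLNK(st.st_mode):
            # Relative targets are resolved against the link's own directory.
            target = os.path.join(os.path.dirname(cur), os.readlink(cur))
            rest = os.path.join(target, *parts[i:])
            more = walk(rest, user_uid, trusted_uids, depth + 1)
            # The restart re-checks shared prefixes; drop repeated findings.
            return list(dict.fromkeys(findings + more))
        for problem in check_component(st.st_uid, st.st_mode, user_uid, trusted_uids):
            findings.append((cur, problem))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for where, problem in walk(target, os.getuid()):
        print("%s: %s" % (where, problem))
```

Run with no argument it checks the caller's own home directory and prints one line per directory that breaks the rule.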