More secure permissions for /root and /etc/sysctl.conf
Julian H. Stacey
jhs at berklix.com
Wed Jan 29 23:52:10 UTC 2020
"Rodney W. Grimes" wrote:
> > Hi,
> >
> > I recently stumbled upon the default world readable permissions of /root and
> > /etc/sysctl.conf. I think that it would be more secure to reduce the default
> > permission for /root to 0700 and to 0600 for /etc/sysctl.conf.
>
> Those values are overkill, you really want to stop group wheel from
> reading these? At most they should be 0750 and 0640, and even that
> seems overboard.
>
> If you're storing highly secure stuff in /root you're probably doing
> something wrong anyway.
>
> This appears to be security through obscurity based conservatism with
> no given attack vector of some form.
>
> Others have made good points as well. This also appears to be changing
> a default that would lead to many people unchanging it simply so a few
> that do change it can impose their defaults.
>
>
> >
> > I prepared a differential for the proposed change:
> > https://reviews.freebsd.org/D23392
> >
> > What do you think?
>
> Bad idea?
Agreed, too tight. Over tightening tempts local fast reflex loosening by
installers, with risk of over loosening if in a rush.
Cheers
--
Julian Stacey, Consultant Systems Engineer, BSD Linux http://berklix.com/jhs/
UK stole 750,000 Brexit votes from Brits in EU + 3 M globally. 170 states vote
abroad. UK urged Brits in EU to foreign nationality http://stolenvotes.uk