svn commit: r361791 - head/etc/mtree

Conrad Meyer cem at FreeBSD.org
Thu Jun 4 16:04:20 UTC 2020


Author: cem
Date: Thu Jun  4 16:04:19 2020
New Revision: 361791
URL: https://svnweb.freebsd.org/changeset/base/361791

Log:
  Restrict default /root permissions
  
  Remove world-readability from the root directory.  Sensitive information may be
  stored in /root and we diverge here from normative administrative practice, as
  well as installation defaults of other Unix-alikes.  The wheel group is still
  permitted to read the directory.
  
  750 is no more restrictive than defaults for the rest of the open source
  Unix-alike world.  In particular, Ben Woods surveyed DragonFly, NetBSD,
  OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu.  None have a
  world-readable /root by default.
  
  Submitted by:	Gordon Bergling <gbergling AT gmail.com>
  Reviewed by:	ian, myself
  Discussed with:	emaste (informal approval)
  Relnotes:	sure?
  Differential Revision:	https://reviews.freebsd.org/D23392

Modified:
  head/etc/mtree/BSD.root.dist

Modified: head/etc/mtree/BSD.root.dist
==============================================================================
--- head/etc/mtree/BSD.root.dist	Thu Jun  4 14:44:44 2020	(r361790)
+++ head/etc/mtree/BSD.root.dist	Thu Jun  4 16:04:19 2020	(r361791)
@@ -117,7 +117,7 @@
     ..
     rescue
     ..
-    root
+    root            mode=0750
     ..
     sbin
     ..


More information about the svn-src-all mailing list