svn commit: r361791 - head/etc/mtree
Conrad Meyer
cem at FreeBSD.org
Thu Jun 4 16:04:20 UTC 2020
Author: cem
Date: Thu Jun 4 16:04:19 2020
New Revision: 361791
URL: https://svnweb.freebsd.org/changeset/base/361791
Log:
Restrict default /root permissions

Remove world-readability from the root directory. Sensitive information may be
stored in /root and we diverge here from normative administrative practice, as
well as installation defaults of other Unix-alikes. The wheel group is still
permitted to read the directory.

750 is no more restrictive than defaults for the rest of the open source
Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD,
OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a
world-readable /root by default.

Submitted by: Gordon Bergling <gbergling AT gmail.com>
Reviewed by: ian, myself
Discussed with: emaste (informal approval)
Relnotes: sure?
Differential Revision: https://reviews.freebsd.org/D23392
Modified:
head/etc/mtree/BSD.root.dist
Modified: head/etc/mtree/BSD.root.dist
==============================================================================
--- head/etc/mtree/BSD.root.dist Thu Jun 4 14:44:44 2020 (r361790)
+++ head/etc/mtree/BSD.root.dist Thu Jun 4 16:04:19 2020 (r361791)
@@ -117,7 +117,7 @@
..
rescue
..
- root
+ root mode=0750
..
sbin
..
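Review bot: the changed `root` entry sets only `mode=0750`, so the group that keeps read access is whatever the file-wide `/set` defaults supply, and those are outside this hunk. The log message promises that wheel can still read the directory, so consider spelling it out as `root mode=0750 gname=wheel`, which keeps the entry self-describing and stops a later change to the defaults from silently changing who can enter /root. A one-line comment above the entry saying why it departs from the default mode would also help the next reader of BSD.root.dist. Because accounts outside wheel lose read access to /root with this change, the "Relnotes: sure?" line should be a definite yes.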