Bug 25301

Summary: default install allows other user visit directory /root
Product: Base System
Reporter: davidx <davidx>
Component: misc
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description davidx 2001-02-23 09:40:01 UTC
FreeBSD 4.2 default install can let other users visit directory /root.
I see it as a security risk. When I installed smbfs from ports and put the
smbfs passwd config file in /root, I found other users could steal my samba mount password; then I found /root can be visited by other users. A sad day.

This never happens in the Redhat Linux I have used; Redhat Linux by default does not allow other users to visit /root. I think FreeBSD should do it too.

root is not a user, but a God; he has things that must not be known to people.
Comment 1 keichii 2001-02-23 14:58:10 UTC
On Fri, Feb 23, 2001 at 01:31:12AM -0800, davidx@viasoft.com.cn scribbled:
| 
| >Number:         25301
| >Category:       misc
| >Synopsis:       default install allows other user visit directory /root
| >Confidential:   no
| >Severity:       non-critical
| >Priority:       low
| >Responsible:    freebsd-bugs
| >State:          open
| >Quarter:        
| >Keywords:       
| >Date-Required:
| >Class:          sw-bug
| >Submitter-Id:   current-users
| >Arrival-Date:   Fri Feb 23 01:40:01 PST 2001
| >Closed-Date:
| >Last-Modified:
| >Originator:     David Xu
| >Release:        FreeBSD-4.2 STABLE
| >Organization:
| viasoft
| >Environment:
| FreeBSD davidbsd.viasoft.com.cn 4.2-STABLE FreeBSD 4.2-STABLE #5: Thu Feb 22 11:39:34 CST 2001     root@davidbsd.viasoft.com.cn:/usr/src/sys/compile/xu  i386
| >Description:
| FreeBSD 4.2 default install can let other users visit directory /root.
| I see it as a security risk. When I installed smbfs from ports and put the
| smbfs passwd config file in /root, I found other users could steal my samba mount password; then I found /root can be visited by other users. A sad day.
| 
| This never happens in the Redhat Linux I have used; Redhat Linux by default does not allow other users to visit /root. I think FreeBSD should do it too.
| 
| root is not a user, but a God; he has things that must not be known to people.
| 

This is a problem that you as a user need to solve and set up correctly.
You misconfigured your samba anyways.  Had you been more experienced,
you would never be doing what you are trying to do.

man chmod.  Redhat has the same behavior as FreeBSD for directory permissions.
This is not a security risk.

-- 
+------------------------------------------------------------------+
| keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
| http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
+------------------------------------------------------------------+
Comment 2 Will Andrews freebsd_committer freebsd_triage 2001-02-23 14:59:58 UTC
State Changed
From-To: open->closed

If you have something particularly important in your root, try
``chmod 700 /root''.  Next time post a message like this to -questions.
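Added example, not part of this PR or of the FreeBSD base system: a POSIX sh audit of the situation the reporter describes (a credentials file sitting in a home directory that group and other can enter), followed by the tightening Comment 2 suggests. It goes slightly beyond `chmod 700 /root` by also stripping group/other bits from the files inside. Function names are assumptions; it parses `ls -ld` rather than `stat` because the `stat` flags differ between BSD and GNU userland.

```sh
#!/bin/sh
# Audit a directory such as /root: list the directory itself and every
# entry directly inside it whose group/other permission bits are not
# all '-'.  Returns 1 if anything is exposed, 0 if the directory is clean.
world_exposed() {
    dir=$1
    found=0
    for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue            # skip globs that matched nothing
        bits=$(ls -ld "$p" | cut -c5-10)   # the six group+other rwx fields
        case $bits in
            ------) ;;                     # no access for group or other
            *) echo "$bits $p"; found=1 ;;
        esac
    done
    return $found
}

# Apply the fix from Comment 2 (chmod 700 on the directory) and also
# remove group/other access from its direct children: 700 for
# subdirectories, 600 for files such as an SMB credentials file.
lock_down() {
    dir=$1
    chmod 700 "$dir" || return 1
    for p in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue
        if [ -d "$p" ]; then chmod 700 "$p"; else chmod 600 "$p"; fi
    done
}
```

Run `world_exposed /root` as root to see what a non-root user could currently reach; an empty listing and exit status 0 mean nothing is exposed.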