Bug 42053

Comment 1 Giorgos Keramidas 2002-08-27 01:50:45 UTC

On 2002-08-26 17:10 +0000, Sean Lewis wrote:
> >Description:
> [sml@subterrain][/] ls -ld root
> drwxr-xr-x  2 root  wheel  512 Aug 24 15:15 root
>
> >Fix:
> chmod 700 /root in installworld scripts.

It's not like you're letting hackers find out stuff with this.  You
can always keep critical things under /root/foo where foo is chmoded
to 0700.  Is there really a point in changing the permissions to be
more right?

On Mon, Aug 26, 2002 at 06:00:05PM -0700, Giorgos Keramidas wrote:
> The following reply was made to PR i386/42053; it has been noted by GNATS.
> 
> From: Giorgos Keramidas <keramida@FreeBSD.org>
> To: Sean Lewis <sml@subterrain.net>
> Cc: bug-followup@FreeBSD.org
> Subject: Re: i386/42053: /root incorrect permissions
> Date: Tue, 27 Aug 2002 03:50:45 +0300
> 
>  On 2002-08-26 17:10 +0000, Sean Lewis wrote:
>  > >Description:
>  > [sml@subterrain][/] ls -ld root
>  > drwxr-xr-x  2 root  wheel  512 Aug 24 15:15 root
>  >
>  > >Fix:
>  > chmod 700 /root in installworld scripts.
>  
>  It's not like you're letting hackers find out stuff with this.  You
>  can always keep critical things under /root/foo where foo is chmoded
>  to 0700.  Is there really a point in changing the permissions to be
>  more right?

I don't think so.
There's nothing in /root that should be hidden from anyone by default, and
if you're creating files that you feel should be kept secret then it's up
to you to check the permissions.

On a historical note, a quick google throws up a reasonably old post showing
that permissions on /root have been 0755 for a long long time:
	http://makeashorterlink.com/?D41235F91

I think this PR should be closed.

Ceri

-- 
you can't see when light's so strong
you can't see when light is gone

Comment 3 Giorgos Keramidas 2002-08-27 15:02:58 UTC

On 2002-08-27 12:58 +0000, Ceri Davies wrote:
> On 2002-08-27 03:50 +0300, Giorgos Keramidas wrote:
> > > >Fix:
> > > chmod 700 /root in installworld scripts.
> >
> > It's not like you're letting hackers find out stuff with this.
> > You can always keep critical things under /root/foo where foo is
> > chmoded to 0700.  Is there really a point in changing the
> > permissions to be more right?
>
> I don't think so.  There's nothing in /root that should be hidden
> from anyone by default, [...]

I'm not really objecting to the change, just wondering if it's worth
keeping a ``fairly open'' or switch to a ``more conservative'' set of
permissions.  I like being able to `cat ~root/.cshrc' but the /root
directory is rather empty here and I'm practically the only local user
of the machine.  Nothing to hide, in the first place.  However, if
someone wants to locally patch /etc/mtree files, or commit the change,
it's an one liner:

%%%
Index: BSD.root.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BSD.root.dist,v
retrieving revision 1.58
diff -u -r1.58 BSD.root.dist
--- BSD.root.dist	10 Jun 2002 04:47:26 -0000	1.58
+++ BSD.root.dist	27 Aug 2002 14:00:33 -0000
@@ -67,7 +67,7 @@
     ..
     proc            mode=0555
     ..
-    root
+    root            mode=0700
     ..
     sbin
     ..
%%%

Comment 4 Tony Finch 2002-09-02 12:18:49 UTC

State Changed
From-To: open->closed

0755 are the permissions that have always been used for /root 
and are the same on all other operating systems that have a 
/root directory. I see no reason for FreeBSD to be different.