Hi,
just came back from a trip to the Mandrake newsgroup and I'm still in
terror! I read a thread about the default behaviour of msec concerning
the permissions of home directories.
So I made a fresh install of MDK 8.2 from the boxed version with sec
level 'Standard', created 2 dummy users (joe & anne) and lokked at he
result:
[anne@molch home]$ ls -l
insgesamt 2
drwxw-xw-x 3 joe joe 184 Jun 10 13:07 joe/
drwxw-xw-x 3 anne anne 184 Jun 10 13:07 joeanne/
[anne@molch home]$ cd joe
[anne@molch joe]$ ls -a
./ ../ .bash_logout .bash_profile .bashrc .mailcap tmp/
[anne@molch joe]$ less .bashrc
# .bashrc
# User specific aliases and functions
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
.bashrc lines 1-8/8 (END)
Anne can read all of Joe's files.
Now I did 'msec 3' as root. The result:
[anne@molch home]$ ls -l
insgesamt 2
drwx--x--x 3 joe joe 184 Jun 10 13:07 joe/
drwx--x--x 3 anne anne 184 Jun 10 13:07 anne/
[anne@molch home]$ cd joe
[anne@molch joe]$ ls -a
ls: .: Permission denied
Here you go! Isn't that the state of permissions which should have been
there from the start? My experiment just tells the same as what I read in
the newsgroup: Although sec level 'Standard' is given during
installation, after the install all users can read all other user's
files. Only by manually punching in the msec command I get the 'normal'
secure status.
Now who of the not-so-worn-out Linux users knows the msec command? Who of
the newbies even knows that he may have to do something?
The unsuspicious newbie does an installation of a presumably more secure
system than he is used to in Win9x/ME but what does he really get???
wobo
--
Registered Linux User 228909 Powered By Mandrake Linux sum(8.1+0.1)
---------------------------------------------------------------------
Microsoft, Windows, Bugs, Lacking Features, IRQ Conflicts, System
Crashes, Non-Functional Multitasking and The Blue Screen of Death
("BSOD") are registered trademarks of Microsoft Corp., Redmond,
Washington, USA.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
