On Sat, 8 Mar 2003 10:03:07 -0600 "J.P. Pasnak" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On March 7, 2003 19:33 pm, Pierre Fortin wrote: > > On Fri, 7 Mar 2003 12:09:20 -0600 (CST) "J.P. Pasnak" > > > > <[EMAIL PROTECTED]> wrote: > > > Pierre Fortin said: > > > > SIGH... I recently noticed that all my users' home directories > > > > had 755 permissions... changed this to 700 and now it's back to > > > > 755... What's the point of separate userids if msec allows each > > > > user to read another's directory?? > > > > > > > > Will there be a more secure default in 9.1...? If not, then I > > > > don't care to continue with msec on my systems: rpm -e msec && > > > > chmod 700 /home > > > > > > msec works exactly as it should, and I doubt they will change the > > > defaults because of people not knowing how to use it. > > > > > > Learn how to edit '/usr/share/msec/perm.x' or create a custom > > > permission file with drakperm. > > > > > > Also, read this article: > > > http://www.mandrakesecure.net/en/docs/msec.php > > > > See also the rant inside my reply to Jack... gratuitously lowering > > owner-defined security levels is irresponsible... trying to shift > > the blame to the owner with "local rules" doesn't cut it.... I made > > my local rules EXplicitly when I made /home/* 700... Blindly > > lowering them, without even asking BTW, is a security violation > > IMO.... > > OK, I see your point here, but how would you go about implementing this? > > Would msec have to do comparisons on all directories, increasing > completion time and usage? Would it have on/off per directory > functionality? > > I like msec, and have over time worked around it's quirks, so I'd like > to see it improved rather than chucked out... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Ditto... my whole point although probably not stated/understood as intended... L8R.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
