On Tue, Apr 14, 2009 at 02:00:43PM -0500, Matt Isaacs wrote: > On Tue, Apr 14, 2009 at 1:57 PM, Kees Cook <[email protected]> wrote: > > On Tue, Apr 14, 2009 at 01:20:31PM -0500, Tony Yarusso wrote: > > > I've always been a little bit uncomfortable with the choice of default > > > permissions for user home directories, and would like to see some more > > > discussion around that. > > > > https://wiki.ubuntu.com/SecurityTeam/FAQ#Permissive%20Home%20Directory%20Permissions > > > > > (Past answers essentially being "it's easier > > > this way", for file sharing and the like, which doesn't seem > > > particularly convincing to me.) > > > > It is certainly a very specific trade-off that was chosen early in Ubuntu > > design. But that's why /etc/adduser.conf exists. :) > > It's not just Ubuntu. IIRC, all the distros I used before switching to > Ubuntu had permissive home directory permissions by default.
Right, but I mean to say it was actually discussed, and decided on, rather than just being carried over from Debian, etc. -- Kees Cook Ubuntu Security Team -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
