From nobody@FreeBSD.org  Mon Aug 26 17:10:19 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 76B8A37B400
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 26 Aug 2002 17:10:19 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 25D1E43E6A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 26 Aug 2002 17:10:19 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g7R0AFOT073041
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 26 Aug 2002 17:10:15 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.4/8.12.4/Submit) id g7R0AF6e073040;
	Mon, 26 Aug 2002 17:10:15 -0700 (PDT)
Message-Id: <200208270010.g7R0AF6e073040@www.freebsd.org>
Date: Mon, 26 Aug 2002 17:10:15 -0700 (PDT)
From: Sean Lewis <sml@subterrain.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /root incorrect permissions
X-Send-Pr-Version: www-1.0

>Number:         42053
>Category:       i386
>Synopsis:       /root incorrect permissions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 26 17:20:01 PDT 2002
>Closed-Date:    Mon Sep 02 04:19:20 PDT 2002
>Last-Modified:  Mon Sep 02 04:19:20 PDT 2002
>Originator:     Sean Lewis
>Release:        4.6-STABLE
>Organization:
>Environment:
FreeBSD subterrain.net 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 21 10:52:16 PDT
 2002     root@subterrain.net:/usr/src/sys/compile/SUBTERRAIN  i386
>Description:
[sml@subterrain][/] ls -ld root
drwxr-xr-x  2 root  wheel  512 Aug 24 15:15 root
>How-To-Repeat:
ls -l /root
>Fix:
chmod 700 /root in installworld scripts. 
>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@FreeBSD.org>
To: Sean Lewis <sml@subterrain.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: i386/42053: /root incorrect permissions
Date: Tue, 27 Aug 2002 03:50:45 +0300

 On 2002-08-26 17:10 +0000, Sean Lewis wrote:
 > >Description:
 > [sml@subterrain][/] ls -ld root
 > drwxr-xr-x  2 root  wheel  512 Aug 24 15:15 root
 >
 > >Fix:
 > chmod 700 /root in installworld scripts.
 
 It's not like you're letting hackers find out stuff with this.  You
 can always keep critical things under /root/foo where foo is chmoded
 to 0700.  Is there really a point in changing the permissions to be
 more right?

From: Ceri Davies <setantae@submonkey.net>
To: Giorgos Keramidas <keramida@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: i386/42053: /root incorrect permissions
Date: Tue, 27 Aug 2002 12:58:35 +0100

 On Mon, Aug 26, 2002 at 06:00:05PM -0700, Giorgos Keramidas wrote:
 > The following reply was made to PR i386/42053; it has been noted by GNATS.
 > 
 > From: Giorgos Keramidas <keramida@FreeBSD.org>
 > To: Sean Lewis <sml@subterrain.net>
 > Cc: bug-followup@FreeBSD.org
 > Subject: Re: i386/42053: /root incorrect permissions
 > Date: Tue, 27 Aug 2002 03:50:45 +0300
 > 
 >  On 2002-08-26 17:10 +0000, Sean Lewis wrote:
 >  > >Description:
 >  > [sml@subterrain][/] ls -ld root
 >  > drwxr-xr-x  2 root  wheel  512 Aug 24 15:15 root
 >  >
 >  > >Fix:
 >  > chmod 700 /root in installworld scripts.
 >  
 >  It's not like you're letting hackers find out stuff with this.  You
 >  can always keep critical things under /root/foo where foo is chmoded
 >  to 0700.  Is there really a point in changing the permissions to be
 >  more right?
 
 I don't think so.
 There's nothing in /root that should be hidden from anyone by default, and
 if you're creating files that you feel should be kept secret then it's up
 to you to check the permissions.
 
 On a historical note, a quick google throws up a reasonably old post showing
 that permissions on /root have been 0755 for a long long time:
 	http://makeashorterlink.com/?D41235F91
 
 I think this PR should be closed.
 
 Ceri
 
 -- 
 you can't see when light's so strong
 you can't see when light is gone

From: Giorgos Keramidas <keramida@FreeBSD.ORG>
To: Ceri Davies <setantae@submonkey.net>
Cc: bug-followup@FreeBSD.ORG
Subject: Re: i386/42053: /root incorrect permissions
Date: Tue, 27 Aug 2002 17:02:58 +0300

 On 2002-08-27 12:58 +0000, Ceri Davies wrote:
 > On 2002-08-27 03:50 +0300, Giorgos Keramidas wrote:
 > > > >Fix:
 > > > chmod 700 /root in installworld scripts.
 > >
 > > It's not like you're letting hackers find out stuff with this.
 > > You can always keep critical things under /root/foo where foo is
 > > chmoded to 0700.  Is there really a point in changing the
 > > permissions to be more right?
 >
 > I don't think so.  There's nothing in /root that should be hidden
 > from anyone by default, [...]
 
 I'm not really objecting to the change, just wondering if it's worth
 keeping a ``fairly open'' or switch to a ``more conservative'' set of
 permissions.  I like being able to `cat ~root/.cshrc' but the /root
 directory is rather empty here and I'm practically the only local user
 of the machine.  Nothing to hide, in the first place.  However, if
 someone wants to locally patch /etc/mtree files, or commit the change,
 it's an one liner:
 
 %%%
 Index: BSD.root.dist
 ===================================================================
 RCS file: /home/ncvs/src/etc/mtree/BSD.root.dist,v
 retrieving revision 1.58
 diff -u -r1.58 BSD.root.dist
 --- BSD.root.dist	10 Jun 2002 04:47:26 -0000	1.58
 +++ BSD.root.dist	27 Aug 2002 14:00:33 -0000
 @@ -67,7 +67,7 @@
      ..
      proc            mode=0555
      ..
 -    root
 +    root            mode=0700
      ..
      sbin
      ..
 %%%
State-Changed-From-To: open->closed 
State-Changed-By: fanf 
State-Changed-When: Mon Sep 2 04:18:49 PDT 2002 
State-Changed-Why:  
0755 are the permissions that have always been used for /root 
and are the same on all other operating systems that have a 
/root directory. I see no reason for FreeBSD to be different. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42053 
>Unformatted:
