From sue@sblake.comcen.com.au  Thu Jan 13 06:39:32 2000
Return-Path: <sue@sblake.comcen.com.au>
Received: from sblake.comcen.com.au (sblake.comcen.com.au [203.23.236.144])
	by hub.freebsd.org (Postfix) with ESMTP id A1AE914F82
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Jan 2000 06:39:23 -0800 (PST)
	(envelope-from sue@sblake.comcen.com.au)
Received: (from sue@localhost)
	by sblake.comcen.com.au (8.9.3/8.9.3) id BAA01595;
	Fri, 14 Jan 2000 01:40:27 +1100 (EST)
	(envelope-from sue)
Message-Id: <200001131440.BAA01595@sblake.comcen.com.au>
Date: Fri, 14 Jan 2000 01:40:27 +1100 (EST)
From: Sue Blake <sue@sblake.comcen.com.au>
Reply-To: sue@welearn.com.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: root's home directory is too open
X-Send-Pr-Version: 3.2

>Number:         16102
>Category:       misc
>Synopsis:       root's home directory is too open
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 13 06:40:01 PST 2000
>Closed-Date:    Thu May 31 19:09:45 PDT 2001
>Last-Modified:  Thu May 31 19:10:27 PDT 2001
>Originator:     Sue Blake
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
>Environment:

	

>Description:

Anyone can roam around in root's home directory and look at rootly files.
That's not nice. This directory seems to have been grouped with a bunch
of publicly accessible directories when the permissions were assigned.

>How-To-Repeat:

user@large$ ls -la /root
total 21
drwxr-xr-x   2 root  wheel    512 Jan 14 01:34 .
drwxr-xr-x  18 root  wheel    512 Jan 14 00:13 ..
-rw-------   1 root  wheel    111 Jan 13 19:36 .bash_history
-rw-r--r--   2 root  wheel    403 Sep 17 08:49 .cshrc
-rw-------   1 root  wheel     61 Jan 13 19:36 .history
-rw-r--r--   1 root  wheel    146 Sep 17 08:49 .klogin
-rw-r--r--   1 root  wheel    559 Sep 17 08:49 .login
-rw-r--r--   2 root  wheel    255 Sep 17 08:49 .profile
-rw-r--r--   1 root  wheel  11284 Jan 14 01:34 crackers.list
-rw-r--r--   1 root  wheel    403 Jan 14 01:34 loveletter.txt


>Fix:
	
The following trivial patch is intended to restrict access to root only.
Maybe 750 could be justified.


--- BSD.root.dist.orig	Thu Jan 13 11:14:06 2000
+++ BSD.root.dist	Fri Jan 14 01:14:49 2000
@@ -55,9 +55,9 @@
     ..
     modules
     ..
-    proc            mode=0555
+    root            mode=0700
     ..
-    root
+    proc            mode=0555
     ..
     sbin
     ..


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dd 
State-Changed-When: Thu May 31 19:09:45 PDT 2001 
State-Changed-Why:  
This has been discussed to death before, and IIRC the conslusion was that you 
shouldn't be reading love letters as root (or storing anything else sensitive 
in /root). 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=16102 
>Unformatted:
