From nobody@FreeBSD.org  Thu Apr 13 09:41:06 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CA01416A402
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Apr 2006 09:41:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 83B4443D4C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Apr 2006 09:41:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k3D9f66p059756
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Apr 2006 09:41:06 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k3D9f6do059751;
	Thu, 13 Apr 2006 09:41:06 GMT
	(envelope-from nobody)
Message-Id: <200604130941.k3D9f6do059751@www.freebsd.org>
Date: Thu, 13 Apr 2006 09:41:06 GMT
From: "C.D." <c_dornig@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /root wrong permissions 
X-Send-Pr-Version: www-2.3

>Number:         95684
>Category:       misc
>Synopsis:       /root wrong permissions
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 13 09:50:15 GMT 2006
>Closed-Date:    Thu Apr 13 11:32:47 GMT 2006
>Last-Modified:  Thu Apr 13 14:00:28 GMT 2006
>Originator:     C.D.
>Release:        5.4 RELEASE, 6.0 RELEASE
>Organization:
none
>Environment:
>Description:
Dear FreeBSD Team,



with standard installation of FBSD 5.4 Released or 6.0 Released from CD-ROM,
you have after install process a wrong permission of /root.
It is 0755, but it should be 0700.
I see this as an Security hole.
>How-To-Repeat:
Install FBSD and make:

ls -l

>Fix:
Change install script.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Thu Apr 13 11:31:20 UTC 2006 
State-Changed-Why:  
We don't see it as a security hole.  Suggest that you check the mailing 
list archives for previous discussions of this, and then raise it on 
hackers@FreeBSD.org if you still see an issue - check the archives first 
though please. 

The PR database is not a discussion forum, so this really does need to 
be discussed elsewhere. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95684 

From: Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To: c_dornig@gmx.de (C.D.)
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: misc/95684: /root wrong permissions
Date: Thu, 13 Apr 2006 09:59:31 -0400 (EDT)

 > 
 > 
 > >Number:         95684
 > >Category:       misc
 > >Synopsis:       /root wrong permissions
 > >Confidential:   no
 > >Severity:       critical
 > >Priority:       medium
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Thu Apr 13 09:50:15 GMT 2006
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     C.D.
 > >Release:        5.4 RELEASE, 6.0 RELEASE
 > >Organization:
 > none
 > >Environment:
 > >Description:
 > Dear FreeBSD Team,
 > 
 > 
 > 
 > with standard installation of FBSD 5.4 Released or 6.0 Released from CD-ROM,
 > you have after install process a wrong permission of /root.
 > It is 0755, but it should be 0700.
 > I see this as an Security hole.
 
 I was just able to look back as far as FreeBSD 3.2 - as far back as 
 I have anything handy running and they all have "/" set to 755.
 
 I don't understand why it should be 0700. 
 
 If you did that, no person could do an ls or get to directories under
 root.   The 755 setting does not allow group or world to write to root,
 just get to the necessary things in it.
 
 ////jerry
 
 > >How-To-Repeat:
 > Install FBSD and make:
 > 
 > ls -l
 > 
 > >Fix:
 > Change install script.
 > >Release-Note:
 > >Audit-Trail:
 > >Unformatted:
 > _______________________________________________
 > freebsd-bugs@freebsd.org mailing list
 > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
 > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"
 > 
 
>Unformatted:
