On Thu, Feb 17, 2011 at 4:24 PM, Roger Leigh <rle...@codelibre.net> wrote: > On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote: >> On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh <rle...@codelibre.net> wrote: >> > In general, I think it's fair to say that the average Debian >> > installation does not require Fort Knox levels of security. Simply >> > allowing other people to read our files is often something desirable; >> >> Does other refer to other users, all other accounts or the entire world? > > It refers to S_IRWXO, which is what this bug is about. What that > means in practice is up to you.
Other (people) in "Simply allowing other people to read our files is often something desirable" does not refer to S_IRWXO. >> Like backups, the need for security is often discovered after it was >> necessary. > > Yes, but like everything there is a tradeoff. A totally secure system > is an unusable system. Having to instruct every user how to relax the > permissions to allow others to access their files, or allow their web > pages to be visible, is effectively pointless make-work if that was what > you wanted in the first place. You're right, in that case it makes more sense to edit /etc/adduser.conf Or to setup public dirs that people could use to share stuff without defaulting to share their entire home dir. > And for most people, I would argue that > /is/ what is wanted. Is it? A lot of people have desktops / laptops that aren't shared with other people and that don't use the per-user public_html. > Remember that historically, multi-user systems have been about sharing > and collaboration, not isolation in walled-off prisons. I know which > type of system I want, and it's not the latter. Historically security was not an issue. > 0755 is not inherently insecure. Others can't make any changes, but > they can look. The only issue here is accidental disclosure of > information intended to be private. Right -- Olaf -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/AANLkTi=4R87hRmXQc4Y7zL9b5KJ0yJqtTYXeX80MQN=p...@mail.gmail.com
