On Thu, Jun 14, 2001 at 07:44:32AM -0500, Nathan E Norman wrote:
| On Wed, Jun 13, 2001 at 11:14:35PM -0400, D-Man wrote:
| > On Wed, Jun 13, 2001 at 03:17:52PM -0800, Ethan Benson wrote:
| > | On Wed, Jun 13, 2001 at 01:11:49PM -0400, D-Man wrote:
| > | > By "make my machine download things" do you mean that he logs in and
| > | > uses ftp or a web browser? If so, then he ought to be downloading the
| > | > stuff into his own home directory. By default (and quite naturally)
| > | > users _can't_ see someone else's home directory unless that person
| > | > explicitly makes it readable.
| > |
| > | wrong, debian creates home directories mode 755, world readable by
| > | default like all other *nixes that have come before it.
| >
| > Why would all other *nixes default to being insecure? I don't know
| > where it is set (possibly by the admin after using useradd), but the
| > home directories on the Solaris system at school are not world
| > readable unless one makes theirs so.
|
| Can you explain why world readable home dirs are considered insecure
| by default?

It seems natural to me that my home dir is my own private property.
Kind of like having your own room or a clubhouse as a kid, with a sign
"Keep Out" on the door. Making it world readable seems like leaving
the door open, then wondering why someone is able to snoop about ;-).

| If you can't I suggest you retract your assertion that all unices
| are insecure by default (you possibly could argue that if
| you weren't claiming this was because of world readable home dirs :)

I don't mean that unix in general is insecure, but that in this
particular aspect it seems to be.

| Consider that your having the ability to read and execute my home dir
| does not necessarily confer the ability to read the files within that
| directory.

This is a good point, though I still don't know why the default would
allow someone else to use 'ls' on my home.

| Are you sure the "Solaris system at school" has not had its config
| tweaked at all after it was installed?

I did mention that I don't know what method the admin uses to create
the accounts and if it was the system or the admin that set the home
dirs to not-world readable.

<quote from above>
(possibly by the admin after using useradd)
</quote>

I wasn't really complaining, just curious. I am certain that there is
some history buried in here, like a great deal of other features in
Unix.

-D
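
An added example, not part of the original message: the point quoted above, that read and execute permission on a home directory does not by itself make the files inside readable, checked in Python from the mode bits alone. The user names, file names and the 711 and 700 modes are constructed for illustration; only 755 comes from the thread, and ACLs are ignored.

```python
import os
import stat
import tempfile


def other_access(path):
    """What users outside owner and group may do, judged from mode bits only."""
    mode = os.stat(path).st_mode
    r, x = bool(mode & stat.S_IROTH), bool(mode & stat.S_IXOTH)
    if not stat.S_ISDIR(mode):
        return "read" if r else "none"
    if r and x:
        return "list+traverse"  # ls works: names and metadata are visible
    if x:
        return "traverse-only"  # ls fails, but a known path is still reachable
    return "names-only" if r else "none"


def audit_home(home):
    """Return (directory access, {filename: effective access for others})."""
    dir_access = other_access(home)
    reachable = dir_access in ("list+traverse", "traverse-only")
    files = {}
    for name in sorted(os.listdir(home)):
        acc = other_access(os.path.join(home, name))
        # A world-readable file is exposed only if the directory can be traversed.
        files[name] = acc if reachable else "none"
    return dir_access, files


def run_demo():
    """Constructed sample homes: 755 as named in the thread, 711/700 for comparison."""
    report = {}
    with tempfile.TemporaryDirectory() as root:
        for user, dmode in (("alice", 0o755), ("bob", 0o711), ("carol", 0o700)):
            home = os.path.join(root, user)
            os.mkdir(home)
            for fname, fmode in (("notes.txt", 0o644), ("secret.txt", 0o600)):
                path = os.path.join(home, fname)
                with open(path, "w") as fh:
                    fh.write("constructed sample\n")
                os.chmod(path, fmode)
            os.chmod(home, dmode)
            report[user] = audit_home(home)
    return report


if __name__ == "__main__":
    print(run_demo())
```

Mode 711 is the middle ground: `ls` on the directory fails for other users, but a world-readable file whose name is known can still be opened.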