An exceptional analysis of the situation. Security being a tool which is
generally overlooked. Having gotten used to the lax security, I was shocked
to find that the items I've gotten used to were now eliminated for Security
reasons.
Certainly this is a step forward.
Wolfgang Bornath wrote:
> Hi,
>
> just came back from a trip to the Mandrake newsgroup and I'm still in
> terror! I read a thread about the default behaviour of msec concerning
> the permissions of home directories.
>
> So I made a fresh install of MDK 8.2 from the boxed version with sec
> level 'Standard', created 2 dummy users (joe & anne) and lokked at he
> result:
>
> [anne@molch home]$ ls -l
> insgesamt 2
> drwxw-xw-x 3 joe joe 184 Jun 10 13:07 joe/
> drwxw-xw-x 3 anne anne 184 Jun 10 13:07 joeanne/
>
> [anne@molch home]$ cd joe
> [anne@molch joe]$ ls -a
> ./ ../ .bash_logout .bash_profile .bashrc .mailcap tmp/
>
> [anne@molch joe]$ less .bashrc
> # .bashrc
>
> # User specific aliases and functions
>
> # Source global definitions
> if [ -f /etc/bashrc ]; then
> . /etc/bashrc
> fi
> .bashrc lines 1-8/8 (END)
>
> Anne can read all of Joe's files.
>
> Now I did 'msec 3' as root. The result:
>
> [anne@molch home]$ ls -l
> insgesamt 2
> drwx--x--x 3 joe joe 184 Jun 10 13:07 joe/
> drwx--x--x 3 anne anne 184 Jun 10 13:07 anne/
>
> [anne@molch home]$ cd joe
>
> [anne@molch joe]$ ls -a
> ls: .: Permission denied
>
> Here you go! Isn't that the state of permissions which should have been
> there from the start? My experiment just tells the same as what I read in
> the newsgroup: Although sec level 'Standard' is given during
> installation, after the install all users can read all other user's
> files. Only by manually punching in the msec command I get the 'normal'
> secure status.
>
> Now who of the not-so-worn-out Linux users knows the msec command? Who of
> the newbies even knows that he may have to do something?
>
> The unsuspicious newbie does an installation of a presumably more secure
> system than he is used to in Win9x/ME but what does he really get???
>
> wobo
> --
> Registered Linux User 228909 Powered By Mandrake Linux sum(8.1+0.1)
> ---------------------------------------------------------------------
> Microsoft, Windows, Bugs, Lacking Features, IRQ Conflicts, System
> Crashes, Non-Functional Multitasking and The Blue Screen of Death
> ("BSOD") are registered trademarks of Microsoft Corp., Redmond,
> Washington, USA.
>
> ------------------------------------------------------------------------
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
--
Albert E. Whale - CISSP
http://www.abs-comptech.com
----------------------------------------------------------------------
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
Sr. Security, Network, and Systems Consultant
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
