Omer Zak <[EMAIL PROTECTED]> writes:

> users can be prevented from changing home page,

Out of curiosity: what exactly does this contribute to workstation security?

Another thing I just did out of curiosity was to check permissions on various files in the default Firefox profile on my home computer. I do not use Firefox normally, but I probably started it once or twice. I certainly did not play with the permissions consciously.

Now, does the following look overly permissive to anyone else, or am I too paranoid? Why should anyone but the owner have *any* kind of access to any of the files below? Why on earth does the bookmarks file have world execute (or read, for that matter) access? This is weird, and looks very unsafe to me. I would assume, naively, that all the files should have 600 permissions except prefs.js (and subdirectories) which should be 700.

This is firefox-1.0.7-1.2.fc4 on Fedora Core 4 on x86_64...

$ ls -l
total 2120
-rwxr-xr-x  1 oleg users  182626 Jan 16 16:06 bookmarks.bak
-rwxr-xr-x  1 oleg users  182626 Jan 16 16:06 bookmarks.html
drwxrwxr-x  2 oleg cvs     12288 Jan 14 20:30 Cache
drwxrwxr-x  2 oleg users    4096 Jan  7 23:18 Cache.Trash
-rw-------  1 oleg users   65536 Jan 14 20:30 cert8.db
drwxr-xr-x  2 oleg users    4096 Jan  5 23:06 chrome
-rw-r--r--  1 oleg users      65 Jan 10 16:19 compatibility.ini
-rw-r--r--  1 oleg users      24 Jan 10 16:19 components.ini
-rw-r--r--  1 oleg users  130456 Jan 10 16:19 compreg.dat
-rw-------  1 oleg users   19132 Jan 14 20:20 cookies.txt
-rw-r--r--  1 oleg users      24 Jan 10 16:19 defaults.ini
-rw-rw-r--  1 oleg users     206 Jan 13 03:39 downloads.rdf
drwxr-xr-x  3 oleg users    4096 Jan  5 23:06 extensions
-rw-rw-r--  1 oleg users    4297 Jan 14 20:30 formhistory.dat
-rw-rw-r--  1 oleg users   73513 Jan 16 16:06 history.dat
-rw-------  1 oleg users   16384 Jan 14 20:30 key3.db
-rw-r--r--  1 oleg users   14836 Jan 16 16:06 localstore.rdf
-rw-r--r--  1 oleg users    3635 Jan 13 03:05 mimeTypes.rdf
-rwxr-xr-x  1 oleg users    1879 Jan 16 16:06 prefs.js
-rw-r--r--  1 oleg users     752 Jan  5 23:06 search.rdf
-rw-------  1 oleg users   16384 Jan 10 20:31 secmod.db
-rw-------  1 oleg users     431 Jan 14 16:26 signons.txt
drwxr-xr-x  2 oleg users    4096 Jan  5 23:06 US
-rw-r--r--  1 oleg users   78684 Jan 10 16:19 xpti.dat
-rw-r--r--  1 oleg users 1310047 Jan 14 20:25 XUL.mfasl

The story is no better with Konqueror:

$ ls -l /home/oleg/.kde/share/apps/konqueror/
total 512
-rw-rw-r--  1 oleg users 229884 Feb 18 02:11 bookmarks.xml
-rw-rw-r--  1 oleg users 229884 Feb 18 02:11 bookmarks.xml.bak
-rw-rw-r--  1 oleg users      0 Feb 18 02:11 bookmarks.xml.tbcache
-rw-------  1 oleg users   3631 Feb 14 08:51 faviconrc
-rw-rw-r--  1 oleg cvs    41620 Feb 18 02:11 konq_history

I suspect that the rw group permissions in both cases may be related to the default RedHat setup where each user's primary group is private. However, I had *created* user oleg without a private primary group at install time. Can anyone check SuSE/Novell? IIRC they do not have private primary groups by default.

In any case, world read permissions on my bookmarks and history and group rw permission on both don't look right to me.

Of course, I have no idea why konq_history and Firefox Cache belong to group cvs (yes, I have such a group and user oleg is a member, but it is not the user's primary group, and none of the files is under CVS control). Very weird, and very worrying.

Can anyone confirm (or deny) that it is not a really botched configuration on my specific workstation?

-- 
Oleg Goldshmidt | [EMAIL PROTECTED] | http://www.goldshmidt.org
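
The check described in the message above, as an added example that is not part of the original post: a POSIX shell audit that lists every entry under a profile directory granting any access to group or other, lists entries owned by a group other than the caller's primary group, and strips the group/other bits. The function names are hypothetical, and the sample tree is constructed, using modes taken from the Firefox listing.

```shell
#!/bin/sh
# Added example, not from the original message. All function names are hypothetical.

# List (ls -ld format) every entry under $1 with any group/other permission bit set.
# Symlinks are skipped: their own mode is always reported as 777 and means nothing.
loose_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -exec ls -ld {} +
}

# List entries whose group is not the caller's primary group
# (the "Cache belongs to group cvs" observation).
other_group_entries() {
    find "$1" ! -group "$(id -g)" -exec ls -ld {} +
}

# Remove all group/other access, leaving the owner bits untouched.
tighten() {
    chmod -R go-rwx "$1"
}

# Constructed sample tree; the modes are copied from the listing in the message.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/Cache";        chmod 775 "$d/Cache"
    : > "$d/bookmarks.html"; chmod 755 "$d/bookmarks.html"
    : > "$d/history.dat";    chmod 664 "$d/history.dat"
    : > "$d/cookies.txt";    chmod 600 "$d/cookies.txt"
    : > "$d/key3.db";        chmod 600 "$d/key3.db"
    printf '%s\n' "$d"
}

demo=$(make_sample)
echo "Entries readable, writable or executable by group/other:"
loose_entries "$demo"
echo "Entries not owned by the primary group:"
other_group_entries "$demo"
tighten "$demo"
echo "After tightening (expect no lines):"
loose_entries "$demo"
rm -rf "$demo"
```

To audit a real profile, call `loose_entries` on its path; `tighten` changes permissions recursively, so review the audit output first.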