Author: cem Date: Thu Jun 4 16:04:19 2020 New Revision: 361791 URL: https://svnweb.freebsd.org/changeset/base/361791
Log: Restrict default /root permissions Remove world-readability from the root directory. Sensitive information may be stored in /root and we diverge here from normative administrative practice, as well as installation defaults of other Unix-alikes. The wheel group is still permitted to read the directory. 750 is no more restrictive than defaults for the rest of the open source Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD, OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a world-readable /root by default. Submitted by: Gordon Bergling <gbergling AT gmail.com> Reviewed by: ian, myself Discussed with: emaste (informal approval) Relnotes: sure? Differential Revision: https://reviews.freebsd.org/D23392 Modified: head/etc/mtree/BSD.root.dist Modified: head/etc/mtree/BSD.root.dist ============================================================================== --- head/etc/mtree/BSD.root.dist Thu Jun 4 14:44:44 2020 (r361790) +++ head/etc/mtree/BSD.root.dist Thu Jun 4 16:04:19 2020 (r361791) @@ -117,7 +117,7 @@ .. rescue .. - root + root mode=0750 .. sbin .. _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
