On 16-03-09 09:29 PM, Kurtis Rader wrote:
On Wed, Mar 9, 2016 at 6:17 PM, Francis Roy <li...@unimportantstuff.com
If I may, a follow-up question: does this create a potential
security vulnerability on my machine that I should find measures of
protecting?
Probably not but it's not the sort of question anyone can answer without
spending a few days reviewing your situation. The reason most UNIX
distros create the home directory for a user with mode 750 (no public
access) is to make it impossible for other accounts on the machine,
which aren't a member of your primary group, to guess whether a file is
present by exploiting the search capability. In other words, if you've
done "chmod 751" then even if I'm not a member of the group that owns
your home directory I can execute "ls /media/username/$filename"
commands (or equivalent) to probe whether $filename exists. It's a
potential information leak that could theoretically be used to launch an
attack. Whether that's a concern for you depends on a lot of factors.
Thank you that answers my question quite nicely. It's not a giant flag
waving at the internet, but if someone got a hold of my machine
directly, it could provide a small bit of information used in a general
strategy.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
