At 19:23 Uhr +0200 08.03.2003, Birzan George Cristian wrote:
> On Sat, Mar 08, 2003 at 05:40:31PM +0100, Christian Jaeger wrote:
>> - You should also be aware that a 0700 directory does not protect you
>> if you are moving another directory from outside to inside, since
>> users who have already chdir'd into it remain inside it.
>
> Yes, but how often does that happen?

Maybe not often, but an attacker could run a daemon that opendir()s
each newly created directory just in the hope that one of them
happens to be moved into your secret area. Call me paranoid :) (And I
still don't see a reason why it should be different for root than
anyone else. The other user's secrets are probably just as important
as root's.)

>> - The problem with a 0700 /root is that it does not leave it a *joice*
>> anymore.
>
> Eh, you'll have to excuse me, but I have no idea what that phrase means.

I meant, if /root is world-readable, then you can still make a
subdirectory which is not (i.e. I have a /root/tmp which is 0700). If
/root is not world-readable, then it can never contain stuff to be
used by other users.

>> Maybe you can tell me which other directory is better suited for
>> that than /root?
>
> Yes. Your regular account's home.

I don't because:
- I'm promoting my /root/{bin,...} solution for colleagues as well,
and we share scripts in those directories. They would have to include
the bin/ subdirectory of my home dir on the machines we share.
- the scripts under /root/* are owned by root. If OTOH I'm executing
the $HOME/bin/ scripts of another user and his account is
compromised, root would be as well.
- in my own non-root ~/bin/ are scripts that are really specific to
me, no one else. (And sometimes I start writing new scripts there,
until they are ready for everyone to be used, at which point I'm
moving and chown'ing them to root.)
Christian
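
The check below is an added example, not part of the original message: before a directory is moved under a 0700 parent, it closes the directory to new entrants and then looks in Linux `/proc` for processes that still have their working directory or an open descriptor inside it. The function names `holders` and `move_into_private` are hypothetical, and the sketch assumes Linux, a same-filesystem move, and enough privilege (normally root) to inspect other users' processes.

```python
import os

def holders(directory, proc="/proc"):
    """Map pid -> {"cwd", "fd"} for processes still holding `directory`
    or anything below it. Linux only; run as root to see every user."""
    real = os.path.realpath(directory)
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        base = os.path.join(proc, pid)
        links = [("cwd", os.path.join(base, "cwd"))]
        try:
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:          # process gone, or not ours to inspect
            fds = []
        links += [("fd", os.path.join(base, "fd", n)) for n in fds]
        for kind, link in links:
            try:
                path = os.readlink(link)
            except OSError:
                continue
            if path == real or path.startswith(real + os.sep):
                found.setdefault(int(pid), set()).add(kind)
    return found

def move_into_private(src, private_parent):
    """Move `src` under a 0700 directory only if nobody is left inside it."""
    os.chmod(src, 0o700)         # stop new chdir()/opendir() by other users first
    held = holders(src)
    if held:
        raise PermissionError(f"{src} is still held by: {held}")
    dest = os.path.join(private_parent, os.path.basename(os.path.normpath(src)))
    os.rename(src, dest)         # same filesystem assumed
    return dest
```

A refused move leaves `src` in place with mode 0700, so it can be retried once the listed processes have exited.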