On 16-03-09 09:29 PM, Kurtis Rader wrote:
On Wed, Mar 9, 2016 at 6:17 PM, Francis Roy <lists@xxxxxxxxxxxxxxxxxxxx
If I may, a follow-up question: does this create a potential
security vulnerability on my machine that I should find measures of
protecting?
Probably not but it's not the sort of question anyone can answer without spending a few days reviewing your situation. The reason most UNIX distros create the home directory for a user with mode 750 (no public access) is to make it impossible for other accounts on the machine, which aren't a member of your primary group, to guess whether a file is present by exploiting the search capability. In other words, if you've done "chmod 751" then even if I'm not a member of the group that owns your home directory I can execute "ls /media/username/$filename" commands (or equivalent) to probe whether $filename exists. It's a potential information leak that could theoretically be used to launch an attack. Whether that's a concern for you depends on a lot of factors.
Thank you that answers my question quite nicely. It's not a giant flag waving at the internet, but if someone got a hold of my machine directly, it could provide a small bit of information used in a general strategy.
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|