More secure permissions for /root and /etc/sysctl.conf
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Wed Jan 29 21:34:46 UTC 2020
> Hi,
>
> I recently stumbled upon the default world readable permissons of /root and
> /etc/sysctl.conf. I think that it would be more secure to reduce the default
> permission for /root to 0700 and to 0600 for /etc/sysctl.conf.
Those values are over kill, you really want to stop group wheel from
reading these? At most they should be 0750 and 0640, and even that
seems overboard.
If your stroring highly secure stuff in /root your probably doing some
thing wrong anyway.
This appears to be security through obscurity based conservatism with
no given attack vector of some form.
Others have made good points as well. This also appears to be changing
a default that would lead to many people unchanging it simply so a few
that do change it can impose there defaults.
>
> I prepared a differtial for the proposed change:
> https://reviews.freebsd.org/D23392
>
> What do you think?
Bad idea?
>
> Best regards,
>
> Gordon
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-hackers
mailing list