[Adduser-devel] Open Home directory

Christian Knoke chrisk@cknoke.de
Thu, 9 Jun 2005 10:28:12 +0200


Hi,

the adduser package has an option to choose, whether the home directory of
the user will be readable for all users on the system, or not. The default
is, it will be.

This can result in a security hole, when people accept the default without
much reading (if I'm not mistaken, it is not even l10n'd during install).

Other distros handle this different. So I was really shocked when I noticed
that any user - even nobody - can read the content of it. Also, newly
recreated files are world-readable.

I suggest to put the default on 'No'. If this is not possible for some
reason, I suggest to write a big warning what that means.

Cheers,

Christian

-- 
Christian Knoke            * * *            http://cknoke.de
* * * * * * * * *  Ceterum censeo Microsoft esse dividendum.