]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dd5a75d) | patch
Restrict default /root permissions
authorcem <cem@FreeBSD.org>
Thu, 4 Jun 2020 16:04:19 +0000 (16:04 +0000)
committercem <cem@FreeBSD.org>
Thu, 4 Jun 2020 16:04:19 +0000 (16:04 +0000)
commit425e52218c8c3fb5575c29161a6d91b00f014d14
treeba86238ccb30436576389c78c161767e073256batree | snapshot
parentdd5a75d38669588e7ddaf952e04dd93722533c0bcommit | diff
Restrict default /root permissions

Remove world-readability from the root directory.  Sensitive information may be
stored in /root and we diverge here from normative administrative practice, as
well as installation defaults of other Unix-alikes.  The wheel group is still
permitted to read the directory.

750 is no more restrictive than defaults for the rest of the open source
Unix-alike world.  In particular, Ben Woods surveyed DragonFly, NetBSD,
OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu.  None have a
world-readable /root by default.

Submitted by: Gordon Bergling <gbergling AT gmail.com>
Reviewed by: ian, myself
Discussed with: emaste (informal approval)
Relnotes: sure?
Differential Revision: https://reviews.freebsd.org/D23392
etc/mtree/BSD.root.dist diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.