-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On March 7, 2003 19:33 pm, Pierre Fortin wrote: > On Fri, 7 Mar 2003 12:09:20 -0600 (CST) "J.P. Pasnak" > > <[EMAIL PROTECTED]> wrote: > > Pierre Fortin said: > > > SIGH... I recently noticed that all my users' home directories > > > had 755 permissions... changed this to 700 and now it's back to > > > 755... What's the point of separate userids if msec allows each > > > user to read another's directory?? > > > > > > Will there be a more secure default in 9.1...? If not, then I > > > don't care to continue with msec on my systems: rpm -e msec && > > > chmod 700 /home > > > > msec works exactly as it should, and I doubt they will change the > > defaults because of people not knowing how to use it. > > > > Learn how to edit '/usr/share/msec/perm.x' or create a custom > > permission file with drakperm. > > > > Also, read this article: > > http://www.mandrakesecure.net/en/docs/msec.php > > See also the rant inside my reply to Jack... gratuitously lowering > owner-defined security levels is irresponsible... trying to shift > the blame to the owner with "local rules" doesn't cut it.... I made > my local rules EXplicitly when I made /home/* 700... Blindly > lowering them, without even asking BTW, is a security violation > IMO....
OK, I see your point here, but how would you go about implementing this? Would msec have to do comparisons on all directories, increasing completion time and usage? Would it have on/off per directory functionality? I like msec, and have over time worked around it's quirks, so I'd like to see it improved rather than chucked out... - -- Live fast, die young, you're sucking up my bandwidth. - ------ J.P. Pasnak, CD CCNA [EMAIL PROTECTED] http://www.warpedsystems.sk.ca Kernel version: 2.4.21-0.13mdk Current Linux uptime: 1 hour 19 minutes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+ahQ+BMRgzmzdk08RAm2PAKDBTpYf+QpQFAzlq3/PHMgQ1dZPWQCgu1se E+tXQwGObMMosh+kNwtM5NE= =IQHG -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
