/ access to all users?
Posted: 05 Sep 2013, 04:59
Hello team!
In my book, (due to security reasons) a normal non-root user should not be allowed to create any files or folders in /
Still, the x86-64 version of Port 2.1 allows him to do so:
Code:
guest@porteus:/mnt/live/memory/images$ ls -oa 001-core.xzm/. 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/. -d
drwxrwxrwx 20 root 281 Aug 2 11:35 001-core.xzm/.
drwxrwxrwx 6 root 71 Jul 23 02:55 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/.
We should create a rule that applies to all modules, that "/" (or, in module speech, the base folder of the module) should:
be owner root.root
not be 0777 (drwxrwxrwx) but instead
0755 (drwxr-xr-x)
Unless it's a folder like /root or /sbin or such, then it should be owned by root.root and have 0700 (drwx------)
Team members, your thoughts?
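
One way to check mounted modules against the rule proposed in the post above, as an added example that is not part of the original post or of the project's own tooling. The function names are hypothetical, the default path is the images directory shown in the post, and the 0700 case for folders like /root is left out because it applies to folders inside a module rather than to its base folder.

```shell
#!/bin/sh
# Added example: audit the base folder of each mounted module against the
# proposed rule (owner root.root, mode 0755). Function names are hypothetical.

# check_module_root DIR [UID:GID]
# Returns 0 if DIR's base folder complies, 1 if not, 2 if DIR is missing.
check_module_root() {
    dir=$1
    want_owner=${2:-0:0}    # root.root expressed as numeric uid:gid
    [ -d "$dir" ] || { echo "SKIP $dir: not a directory"; return 2; }
    # ls -ldn prints numeric ids; keep only the 10 mode characters so an
    # ACL or SELinux suffix ("+" or ".") does not affect the comparison.
    info=$(ls -ldn "$dir/." | awk '{print substr($1, 1, 10), $3 ":" $4}')
    mode=${info% *}
    owner=${info#* }
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $dir: owner $owner, expected $want_owner"
        rc=1
    fi
    if [ "$mode" != "drwxr-xr-x" ]; then
        echo "FAIL $dir: mode $mode, expected drwxr-xr-x (0755)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $dir"
    return "$rc"
}

# audit_modules [IMAGES_DIR] [UID:GID]
# Checks every *.xzm mount point; returns non-zero if any violates the rule.
audit_modules() {
    base=${1:-/mnt/live/memory/images}
    want=${2:-0:0}
    bad=0
    for m in "$base"/*.xzm; do
        [ -d "$m" ] || continue
        check_module_root "$m" "$want" || bad=$((bad + 1))
    done
    echo "$bad module(s) violate the rule"
    [ "$bad" -eq 0 ]
}

# Usage on a running system: audit_modules /mnt/live/memory/images
```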