/ access to all users?

[Rava]

Hello team!

In my book, (due to security reasons) a normal non root user should not be allowed to create any files or folders in /

Still, the x86-64 version of Port 2.1 allows him to do so:

Code: Select all

guest@porteus:/mnt/live/memory/images$ ls -oa 001-core.xzm/. 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/. -d
drwxrwxrwx 20 root 281 Aug  2 11:35 001-core.xzm/.
drwxrwxrwx  6 root  71 Jul 23 02:55 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/.

We should create a rule that applies to all modules, that "/" (or, in module speech, the base folder of the module) should:

be owner root.root
not be 0777 (drwxrwxrwx) but instead
0755 (drwxr-xr-x)

Unless it's a folder like /root or /sbin or such, then it should be owned by root.root and have 0700 (drwx------)

Team members, your thoughts?

[Hamza]

That's already like this. '/' is owned by root only on our base modules.

[Rava]

That's already like this. '/' is owned by root only on our base modules.

As you can see above, two official modules break that rule. And by doing so, the stat for / will be changed to 0777 instead of 0755.

And this is not only about ownership root.root (aka chown), but access rights (aka chmod)

root@porteus:/tmp/001-core-rava# stat /
File: ‘/’
Size: 380 Blocks: 0 IO Block: 4096 directory
Device: fh/15d Inode: 2 Links: 71
Access: (0777/drwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-09-05 06:53:58.745000000 +0200
Modify: 2013-09-05 06:53:54.154000000 +0200
Change: 2013-09-05 06:53:54.154000000 +0200
Birth: -

(my emphasis)

ATM I re-create both above listed modules changed to 0755 to have a fix for my version of 2.1.

[fanthom]

hi Rava,

will update dir2xzm script to always 'chmod 755' and 'chown 0:0' the target directory before creating a module.
thanks for pointing this out.

[Rava]

fanthom, you are welcome...

Will is be available online as well so that all of us can use the newer version as well?

[fanthom]

yes - will push it through porteus updates along with other small fixes.

[Rava]

Okay...

So, what do I have to do in PPM again to get this update?

And would it come as small xzm? To be includes it the porteus/base or porteus/modules folder?

[francois]

Hi rava. I imagine that the change will be available thru porteus setting center > porteus updater. fanthom will surely correct this answer if it is wrong.