On Tue, 2005-04-26 at 06:22 -0700, Randall R Schulz wrote:
Hi,
I see my language was a bit ambiguous...
Witness:
Add this example:
% ll -d ~/.mozilla
drwx------ 6 rschulz users 112 2005-02-25 14:47 /home/rschulz/.mozilla/
Try this:
The mailbox directories whose permissions include group and world read are protected by the inaccessibility of directories higher up in the hierarchy.
Now, if those directories had world execute bits _and_ someone knew the profile directory name (the funky "stzvnglp.slt" in my case), then they could get at world-readable files within.
And this:
Now, if the ~/.mozilla, ~/.mozilla/default and ~/.mozilla/default/stzvnglp.slt/ all had world execute permissions set _and_ someone knew the profile directory name (the funky "stzvnglp.slt" in my case), then they could get at those world-readable mailbox directories and files within.
But why have perms to files that someone -might- be able to guess at?

Another strange one is look at the perms in /home. I can cd to -any- login home dir which -should- not be possible. Seems like someone really screwed up with that one. Do ll -a in someone's home dir and see how many files you have read access to. -No one- but the owner and root should have any access to their files.

I thought "security through obscurity" was M$'s motto not linux's.

-- 
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998

"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
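
The traversal rule discussed in this thread, as an added example that is not part of either poster's message: a POSIX shell check that lists which ancestor directories lack world-execute and tells whether a world-readable file is therefore reachable. The function names and the Mail/Inbox file are constructed; the directory names follow the paths quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the Mail/Inbox
# file are constructed; directory names follow the paths quoted above.

# Print the three "other" permission characters of PATH, e.g. "r-x".
other_bits() { ls -ld -- "$1" | cut -c8-10; }

# blockers FILE STOP: list every directory from FILE's parent up to STOP
# (inclusive) that lacks world-execute, i.e. stops path traversal.
blockers() {
    dir=$(dirname -- "$1")
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;                      # o+x present (t = o+x plus sticky)
            *) printf '%s\n' "$dir" ;;
        esac
        if [ "$dir" = "$2" ] || [ "$dir" = / ] || [ "$dir" = . ]; then break; fi
        dir=$(dirname -- "$dir")
    done
}

# world_exposed FILE STOP: succeed only if FILE is o+r and nothing blocks.
world_exposed() {
    case $(other_bits "$1") in r??) ;; *) return 1 ;; esac
    [ -z "$(blockers "$1" "$2")" ]
}

# Build a constructed copy of the layout discussed in the thread.
make_sandbox() {
    home=$(mktemp -d) || return 1
    prof=$home/.mozilla/default/stzvnglp.slt
    mkdir -p "$prof/Mail"
    : > "$prof/Mail/Inbox"
    chmod 755 "$home" "$home/.mozilla/default" "$prof" "$prof/Mail"
    chmod 644 "$prof/Mail/Inbox"             # world-readable mailbox file
    chmod 700 "$home/.mozilla"               # the drwx------ from the ll output
    printf '%s\n' "$home"
}

sandbox=$(make_sandbox)
inbox=$sandbox/.mozilla/default/stzvnglp.slt/Mail/Inbox
echo "blocked by: $(blockers "$inbox" "$sandbox")"
chmod 711 "$sandbox/.mozilla"                # search allowed, listing still denied
world_exposed "$inbox" "$sandbox" && echo "readable by anyone who knows the path"
rm -rf "$sandbox"
```

The check reads mode bits only, so it gives the same answer when run as root; ACLs and mount options are not considered.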