Ken,

On Tuesday 26 April 2005 07:06, Ken Schneider wrote:
On Tue, 2005-04-26 at 06:22 -0700, Randall R Schulz wrote:
Hi,
I see my language was a bit ambiguous...
Witness:
Add this example:
% ll -d ~/.mozilla
drwx------ 6 rschulz users 112 2005-02-25 14:47 /home/rschulz/.mozilla/
Try this:
The mailbox directories whose permissions include group and world read are protected by the inaccessibility of directories higher up in the hierarchy.
Now, if those directories had world execute bits _and_ someone knew the profile directory name (the funky "stzvnglp.slt" in my case), then they could get at world-readable files within.
And this:
Now, if the ~/.mozilla, ~/.mozilla/default and ~/.mozilla/default/stzvnglp.slt/ all had world execute permissions set _and_ someone knew the profile directory name (the funky "stzvnglp.slt" in my case), then they could get at those world-readable mailbox directories and files within.
But why have perms to files that someone -might- be able to guess at?
Read what I wrote. You'd have to enable execute permissions in all those leading directories for that to work. If you enabled execute _and_ read on those directories, then people could simply look at the directories and access those mail files. But by all means, be as paranoid as you want. But you're much better off understanding how things work than applying some blanket "solution."
Another strange one is look at the perms in /home. I can cd to -any- login home dir which -should- not be possible. Seems like someone really screwed up with that one. Do ll -a in someone's home dir and see how many files you have read access to. -No one- but the owner and root should have any access to their files. I thought "security through obscurity" was M$'s motto not Linux's.
Whether or not that -should- not be possible depends on what your machine is used by and whom it is used by. My system is accessible only to a few trusted friends and coworkers, and I _want_ them to be able to access all my files and vice versa.
Ken Schneider
Randall Schulz
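
The permission rule discussed in this thread, as an added example that is not part of the original messages: a file's world-read bit only matters if every directory above it grants world-execute, and execute without read lets someone open a known name but not list the directory. The function names and the temporary tree are constructed for illustration; the check looks only at the "other" mode bits (no ACLs or group membership) and assumes everything above `base` is traversable.

```python
import os
import stat
import tempfile

def first_blocker(path, base):
    """First directory from base down to path's parent without world-execute, else None."""
    base = os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(os.path.abspath(path)), base)
    current = base
    for part in [""] + [p for p in rel.split(os.sep) if p != "."]:
        current = os.path.join(current, part) if part else current
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return current
    return None

def world_can_read(path, base):
    """True only if the file has o+r AND every directory above it has o+x."""
    return bool(os.stat(path).st_mode & stat.S_IROTH) and first_blocker(path, base) is None

def world_can_list(directory):
    """Listing names needs o+r on the directory; o+x alone only allows lookup by known name."""
    mode = os.stat(directory).st_mode
    return bool(mode & stat.S_IROTH and mode & stat.S_IXOTH)

def build_sample_tree():
    """Constructed layout mirroring the thread: .mozilla is 0700, everything below is lax."""
    home = tempfile.mkdtemp()
    os.chmod(home, 0o755)
    profile = os.path.join(home, ".mozilla", "default", "stzvnglp.slt")
    os.makedirs(profile)
    inbox = os.path.join(profile, "Inbox")
    with open(inbox, "w") as f:
        f.write("constructed sample mailbox\n")
    os.chmod(inbox, 0o644)  # world-readable file, as in the thread
    for d in (profile, os.path.dirname(profile)):
        os.chmod(d, 0o755)
    os.chmod(os.path.join(home, ".mozilla"), 0o700)  # the protecting directory
    return home, inbox

if __name__ == "__main__":
    home, inbox = build_sample_tree()
    moz = os.path.join(home, ".mozilla")
    print("0700 on .mozilla:", world_can_read(inbox, home), "blocked at", first_blocker(inbox, home))
    os.chmod(moz, 0o711)  # execute-only for others: traversable, not listable
    print("0711 on .mozilla:", world_can_read(inbox, home), "listable:", world_can_list(moz))
```
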