Hi Dimstar, excuse that I forgot to double-check this before the upgrade to Tumbleweed => but it was very late in the night :-(
Sent: Friday, 09 January 2015 at 20:47
From: "Dimstar / Dominique Leuenberger"
To: "Mailing List openSUSE Factory"
Subject: Re: Aw: Re: [opensuse-factory] openSUSE 13.2 / Tumbleweed - user have full root access on / - is this security hole ???!!!

On Fri, 2015-01-09 at 20:43 +0100, ulfbart@gmx.net wrote:
Hi,
now I've installed the system anew but with ext4 FS (openSUSE 13.2, afterwards upgraded to Tumbleweed). Again a normal user has root access (read/write/execute)

user@linux:~> touch /test.txt
user@linux:~> ls -als /
insgesamt 200
4 drwxrwxrwx 22 root root 4096 9. Jan 20:35 .
4 drwxrwxrwx 22 root root 4096 9. Jan 20:35 ..
Ulf,
is this right off the installation without any further steps?
I don't know - not tested :-(
If I understand right, you first installed 13.2: the problem was not yet there at that time?
I don't know - but if you want - I install it again and check it :-/ Or is there any config file which can be checked?

# cat /etc/fstab
UUID=xxx swap swap defaults 0 0
UUID=yyy / ext4 acl,user_xattr 1 1

# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=3925480k,nr_inodes=981370,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
/dev/sda1 on / type ext4 (rw,relatime,data=ordered)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=34,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
gvfsd-fuse on /run/user/1003/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1003,group_id=100)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)

Or should I change some settings?
then you upgraded to tumbleweed: can you elaborate how exactly you did this?
I followed these instructions: https://en.opensuse.org/openSUSE:Tumbleweed_installation

Now I've stored it in a short script:

# cat ~/bin/MkTumbleweed.sh
#!/bin/bash
# Back up the current repo definitions into a dated directory.
myOldRepos="/etc/zypp/repos.d/$( date +%F )"
# Braces, not a subshell, so that exit really stops the script.
mkdir "${myOldRepos}" || { echo "${myOldRepos} exists" ; exit 1 ; }
mv /etc/zypp/repos.d/*.repo "${myOldRepos}"
#
# Add the Tumbleweed repositories.
zypper ar -f -c http://download.opensuse.org/tumbleweed/repo/oss repo-oss
zypper ar -f -c http://download.opensuse.org/tumbleweed/repo/non-oss repo-non-oss
zypper ar -f -c http://download.opensuse.org/tumbleweed/repo/debug repo-debug
zypper ar -f -c http://download.opensuse.org/update/tumbleweed repo-update
#
zypper ar -f -d -c http://download.opensuse.org/tumbleweed/repo/src-oss repo-src-oss
zypper ar -f -d -c http://download.opensuse.org/tumbleweed/repo/src-non-oss repo-src-non-oss
#
zypper ar -f -c -n packman http://packman.inode.at/suse/openSUSE_Tumbleweed/ packman
#
# List the repos, refresh them and run the distribution upgrade.
zypper lr -u
zypper ref
zypper dup --download in-advance

Regards
Ulf
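
A check for the condition the `ls -als /` output in this thread shows (mode drwxrwxrwx on /), as an added example that is not part of the original mails: it flags directories that are world-writable without the sticky bit. The function names `check_dir` and `count_unsafe` are hypothetical, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (-c).

# check_dir DIR: print one verdict line for DIR.
# Returns 0 if acceptable, 1 if world-writable without sticky bit,
# 2 if the directory cannot be stat'ed.
check_dir() {
    dir=$1
    mode=$(stat -c '%a' "$dir") || return 2     # octal mode, e.g. 755 or 1777
    owner=$(stat -c '%U' "$dir") || return 2
    perm=$((0$mode))                            # leading 0 = octal constant
    if [ $((perm & 02)) -ne 0 ] && [ $((perm & 01000)) -eq 0 ]; then
        echo "UNSAFE $dir mode=$mode owner=$owner (world-writable, no sticky bit)"
        return 1
    fi
    echo "ok     $dir mode=$mode owner=$owner"
    return 0
}

# count_unsafe [ROOT]: check ROOT (default /) and its immediate
# subdirectories. Verdict lines go to stderr; the number of directories
# that failed the check (or could not be stat'ed) goes to stdout.
count_unsafe() {
    root=${1:-/}
    n=0
    for d in "$root" "$root"/*/; do
        case $d in /) ;; *) d=${d%/} ;; esac    # drop trailing slash, keep "/"
        [ -d "$d" ] || continue
        [ -L "$d" ] && continue                 # symlinks always show mode 777
        check_dir "$d" >&2 || n=$((n + 1))
    done
    echo "$n"
}

# When called with a directory argument, audit it: sh thisfile /
if [ "$#" -gt 0 ]; then
    count_unsafe "$1"
fi
```

A mode of 1777 (as on /tmp) passes because the sticky bit stops users from removing each other's files; 0777 on / does not.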