10.5: A deeper look at drop box permissions issues
Authored by: lincd0 on Oct 24, '08 10:00:29AM

The drop-box idea is terrible, because in order for it to work, each user's home directory has to be world-readable at the top level, which may expose sensitive information. The same goes for personal web sites. For security, the mode of the home directory should be rwx------, and delete the drop box. There are much better ways for users to exchange files.

However, it's no problem if a file in the drop box is read-only for the recipient, unless the file is larger than the amount of free disk space. Just make a copy, and delete the original.

10.5: A deeper look at drop box permissions issues
Authored by: siteisbroken on Oct 24, '08 11:36:45AM

The user's home directory doesn't have to be readable, only executable. Permissions could be rwx--x--x or rwx--x---.

The execute permission on a directory allows access to files or subdirectories in the directory, provided that the name is known. The read permission would allow names of these files or subdirectories to be read, but would not by itself allow them to be accessed.

10.5: A deeper look at drop box permissions issues
Authored by: lincd0 on Oct 24, '08 03:05:26PM

That's correct, but it doesn't change my point. The drop box mechanism makes data at the top level of the user's home directory accessible to other users. That would include many files with predictable names.

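Added example, not part of any comment in this thread: a small audit that reads the "other" mode bits of a home directory and reports whether names can be listed (r), whether entries can be reached by a known name (x), and which predictable top-level names would then be reachable. The name list and the sample directory are constructed for illustration, and the check assumes plain POSIX mode bits only (ACLs and parent-directory permissions are not examined).

```python
import os
import stat
import tempfile

# Assumed sample of predictable top-level names; not taken from the thread.
PREDICTABLE = (".profile", ".netrc", "Documents", "Public")

def audit_home(home, names=PREDICTABLE):
    """Describe what 'other' users can do in home, from POSIX mode bits only."""
    mode = stat.S_IMODE(os.stat(home).st_mode)
    can_list = bool(mode & stat.S_IROTH)      # r: entry names can be enumerated
    can_traverse = bool(mode & stat.S_IXOTH)  # x: entries reachable by known name
    exposed = []
    if can_traverse:
        for name in names:
            try:
                st = os.lstat(os.path.join(home, name))
            except FileNotFoundError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink targets are out of scope here
            # A directory must be searchable (x); a file must be readable (r).
            need = stat.S_IXOTH if stat.S_ISDIR(st.st_mode) else stat.S_IROTH
            if st.st_mode & need:
                exposed.append(name)
    return {"mode": oct(mode), "list": can_list,
            "traverse": can_traverse, "exposed": exposed}

def demo():
    """Audit a constructed home directory under three top-level modes."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        for name, mode in ((".profile", 0o644), (".netrc", 0o600)):
            path = os.path.join(home, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, mode in (("Documents", 0o700), ("Public", 0o755)):
            path = os.path.join(home, name)
            os.mkdir(path)
            os.chmod(path, mode)
        for home_mode in (0o700, 0o711, 0o755):
            os.chmod(home, home_mode)
            results[oct(home_mode)] = audit_home(home)
        os.chmod(home, 0o700)  # restore so the temporary directory cleans up
    return results

if __name__ == "__main__":
    for mode, report in demo().items():
        print(mode, report)
```
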