Bug 106004

Summary: Insecure permissions in homedirs
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Stefan Nordhausen <nordhaus>
Component: Security
Assignee: Petr Mladek <pmladek>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: mmeeks, pmladek, security-team
Version: Beta 2
Target Milestone: ---
Hardware: All
OS: All
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Stefan Nordhausen 2005-08-20 14:08:51 UTC
In addition to a user's home directory being chmod 755, his ~/Documents directory
is chmod 755 as well. This, combined with a umask of 022, means that a user's
documents can, by default, be read by all other users. Even if a user creates a
new directory for his data, it too will have permissions 755 because of his umask.

I suggest that at least ~/Documents should have mode 700, so that we are not
insecure by default. Similarly, I see no reason ~/ooo-2.0-pre should be 755.
This one should be 700 as well. Also, ~/.recently-used should have mode 600.


Maybe YaST2 should offer an easy possibility to change the default umasks and
homedir permissions since these are highly security relevant. Btw, my personal
setup is "chmod -R go-rwx ~; umask 077"
Comment 1 Ludwig Nussel 2005-08-22 13:54:08 UTC
Since Desktop is 700 it makes sense to have Documents 700 as well => aaa_skel -> ro

I suppose ooo-2.0-pre is the equivalent of Documents inside OOo =>
OpenOffice_org -> pmladek

I don't know where .recently-used comes from but mine is 600 already.

Wrt to umask setting, we have already filed a feature request for yast. The
default 022 is just fine for the majority of installations though.
Comment 2 Stefan Nordhausen 2005-08-22 14:10:10 UTC
On my system, .recently-used magically switched to mode 600 as well. I deleted
it, started OpenOffice and saved an empty document -> the file existed again and
had access mode 644. Wherever it comes from, OO has something to do with it.
Comment 3 Petr Mladek 2005-08-22 14:16:20 UTC
I think that it is a good idea to create ~/.ooo-2.0-pre with 700 access rights.
I could change it this way. Michael, do you see any problems with it?

OOo uses the .recently-used directory but I think that it is used by more
applications. Michael, you worked on this feature for OOo. Do you know anything
about it?
Comment 4 Michael Meeks 2005-08-22 14:49:08 UTC
Well not -much- document wise is stored in ~/.ooo-2.0-pre - although AFAIR the
auto-save functionality may be doing that now. So - yes, we prolly do need to
clobber that.

However - arguably this is a umask problem - why are we allowing just anyone to
read all the data in our account ? surely that's a madness - just discovered all
my files are unprotected ...

[ is this a decision from the same security team that thinks encouraging every
desktop user to completely disable the firewall (due to it blocking *outgoing*
broadcast packets - killing N/W browse) increases security ? ;-].
Comment 5 Ruediger Oertel 2005-08-22 17:01:20 UTC
skel/Documents to 700 : done. 
 
Comment 6 Petr Mladek 2005-08-29 17:11:53 UTC
I have added a hack into the ooo-wrapper, so it creates ~/ooo-2.0-pre with
permissions 700. I tried to hack it in the OOo code but it was not easy. Yes,
there was code that checked this directory and created it. But in fact, the
directory was created somewhat sooner, when other code tries to write
~/.ooo-2.0-pre/user/registry/cache. So I rather created the directory with
secure permissions already in the wrapper.

Also, I have added a hack for the file ~/.recently-used into the wrapper. If the
file does not exist, the wrapper touches it with permissions 600.

It seems to work well. The fix should be available on 10.0-beta4.

This was the latest problem in this bug, so I'll close it as FIXED.
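
The approach described in Comment 6 (create the directory with 700 and the file with 600 before the application starts, independent of the user's umask), sketched in shell. This is an added example, not the actual ooo-wrapper code; the function names and the temporary directory standing in for the home directory are assumptions.

```shell
#!/bin/sh
# Added example: not the actual ooo-wrapper code. Paths are passed in by the caller.

# Print the ls-style mode string, e.g. "drwx------".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Create a directory with mode 700 unless it already exists.
# The umask is tightened inside a subshell, so the directory is never
# world-readable, not even briefly, and the caller's umask is unchanged.
ensure_private_dir() {
    if [ -d "$1" ]; then
        return 0    # existing directory: left as-is, as in the wrapper described above
    fi
    ( umask 077 && mkdir -p -- "$1" )
}

# Create an empty file with mode 600 unless it already exists.
# noclobber (set -C) makes the redirect fail instead of truncating a file
# that another process created in the meantime.
ensure_private_file() {
    if [ -e "$1" ]; then
        return 0
    fi
    ( umask 077 && set -C && : > "$1" ) 2>/dev/null || [ -e "$1" ]
}

# Demo in a throwaway directory standing in for $HOME (constructed sample).
demo() {
    demo_home=$(mktemp -d) || return 1
    (
        umask 022                                   # the default discussed in this report
        mkdir "$demo_home/plain"                    # what an application gets by default
        ensure_private_dir  "$demo_home/.ooo-2.0-pre"
        ensure_private_file "$demo_home/.recently-used"
        mode_of "$demo_home/plain"
        mode_of "$demo_home/.ooo-2.0-pre"
        mode_of "$demo_home/.recently-used"
    )
    rm -rf -- "$demo_home"
}

demo
```

Files and directories that already exist keep their current mode, so accounts created before the fix still need a one-time chmod.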