Scope of Debian’s /home/loser is with permissions 755, default umask 002

November 13, 2020

Posted by Georgi Guninski on Nov 12

On Debian /home/loser is with permissions 755, default umask 0022

(If you don’t understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks much.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

ransomhouse 1

RansomHouse Ransomware Victim: STERCH – INTERNATIONAL s[.]r[.]o[.]

April 24, 2024
ransomhouse 1

RansomHouse Ransomware Victim: Bank Pembangunan Daerah Banten Tbk PT

April 24, 2024
BianLian

BianLian Ransomware Victim: defi SOLUTIONS[.]

April 24, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 24, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 24, 2024