puredyne-team team mailing list archive

Thread
Date

[Bug 501340] Re: insecure world-writable dir /usr (mode 040757)

To: puredyne-team@xxxxxxxxxxxxxxxxxxx
From: Aymeric Mansoux <aymeric@xxxxxxxxxx>
Date: Fri, 01 Jan 2010 12:28:17 -0000
Reply-to: Bug 501340 <501340@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

They should not be writable indeed. As far as I understand ubiquity, the
full installation is just a luxurious "cp --preserve" so it makes sense
that the permissions flaws are inherited.

broth is a just a high level wrapper for lh. It does not interfere with
the chroot creation and squashing. But it does supply custom files to be
added in /etc and /usr.

things to check (thinking out loud):
- 1st we need to check on the lh list (+ grep their git repos) if there is anything related to this issue
- if not, has the chroot before squashing similar flaws?
   - if yes -> why? (maybe chroot_local_includes needs to have the right permissions right away?) -> bug to file again lh
   - if no -> needs to investigate aufs and how these folders are mounted during the live boot

-- 
insecure world-writable dir /usr (mode 040757)
https://bugs.launchpad.net/bugs/501340
You received this bug notification because you are a member of puredyne
team, which is a direct subscriber.

Status in Puredyne liveCD/DVD/USB/HD: New

Bug description:
Both in liveUSB and after install, it seems /usr is world-writable (mode 040757) which is very insecure. I've grepped around a bit but I haven't spotted why it's happening but I guess it's not deliberate - is it an artefact of broth?

Also world-writable are /sbin and /etc - none of these should be world-writable, right?

References

[Bug 501340] [NEW] insecure world-writable dir /usr (mode 040757)
From: danstowell, 2009-12-29