puredyne-team team mailing list archive

Thread
Date

[Bug 501340] Re: insecure world-writable dir /usr (mode 040757)

To: puredyne-team@xxxxxxxxxxxxxxxxxxx
From: danstowell <danstowell+launch@xxxxxxxxx>
Date: Fri, 01 Jan 2010 21:14:20 -0000
Reply-to: Bug 501340 <501340@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Found the problem: broth.sh, in the stock() method, line 83:

   chmod -R o+rw $BUILD_DIRECTORY/config/

Why is this done? If there's a good reason for it then it should
definitely be undone after its purpose has passed. Otherwise we should
delete that line.


** Changed in: puredyne-live
       Status: New => Confirmed

-- 
insecure world-writable dir /usr (mode 040757)
https://bugs.launchpad.net/bugs/501340
You received this bug notification because you are a member of puredyne
team, which is a direct subscriber.

Status in Puredyne liveCD/DVD/USB/HD: Confirmed

Bug description:
Both in liveUSB and after install, it seems /usr is world-writable (mode 040757) which is very insecure. I've grepped around a bit but I haven't spotted why it's happening but I guess it's not deliberate - is it an artefact of broth?

Also world-writable are /sbin and /etc - none of these should be world-writable, right?

References

[Bug 501340] [NEW] insecure world-writable dir /usr (mode 040757)
From: danstowell, 2009-12-29