[Pkg-shadow-devel] Bug#1026213: login: $HOME created as 0755 by default
debian user
debian.user at gmail.com
Fri Dec 16 11:50:18 GMT 2022
Package: login
Version: 1:4.13+dfsg1-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: root at localhost.lan, Debian Security Team <team at security.debian.org>
Dear Maintainer,
please uncomment the line in /etc/login.defs that currently says:
#HOME_MODE 0700
to say:
HOME_MODE 0700
The current settings makes user $HOME directories be created with
permissions where other users can read the contents by default.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-19-amd64 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages login depends on:
ii libaudit1 1:3.0.7-1.1+b2
ii libc6 2.36-6
ii libcrypt1 1:4.4.33-1
ii libpam-modules 1.5.2-5
ii libpam-runtime 1.5.2-5
ii libpam0g 1.5.2-5
login recommends no packages.
login suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel
mailing list