oss-sec mailing list archives

Debian FEATURE: /home/loser is with permissions 755, default umask 0022

From: Georgi Guninski <gguninski () gmail com>
Date: Wed, 7 Oct 2020 21:00:35 +0300

https://lists.debian.org/debian-security/2020/10/msg00000.html

===
/home/loser is with permissions 755, default umask 0022

on multiuser machines this sucks much.

on a multiuser debian mirror we found a lot of data,
including the wordpress password of the admin.
===

Then in the thread someone with @debian.org email explains
to me it is a feature, not a bug.

In a addition, they suggest to tell them the mirror, lol.

Are debian detached from reality?

Current thread:

Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
  - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Noel Kuntze (Oct 07)
  - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 07)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Solar Designer (Oct 12)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Kurt H Maier (Oct 12)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 12)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 12)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Russ Allbery (Oct 12)
    - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Eli Schwartz (Oct 13)
  - Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 07)

(Thread continues...)