mandrake-9.1 KDE: Insecure permissions (755) of ~/.kde


Guest ndeb
A little thought. When I (suppose also you) start the computer, you can also choose "failsafe". Everyone can do that. If you choose failsafe, you get logged in automatically as root!!!! No password is requested..... If I just delete it out of the startup manager, will this completely solve it? I also need to test if you can type init 1 as a user. Normally not. This is a command that has existed for a long time.


That's strange... when I log in using failsafe, I simply get a terminal logged in as my normal user, in my home directory. Are you running MDK 9.1? Have you put on anything that might cause this error?

 

Andrew


I don't know what the .kde directory permissions may have to do with failsafe booting. It's a plain and simple Mandrake KDE bug.

i don't see it as a bug. it's more of a feature. i wouldn't want stuff in my kde directory to have the perms you listed because (1) there is nothing in there that important; so what if someone steals your desktop config and (2) all important private stuff, kmail for e.g., has its own protected directory. I'd rather be able to have one user see another user's directories since i use more than one distro but want the desktops to look/behave similarly


i don't see it as a bug. it's more of a feature. i wouldn't want stuff in my kde directory to have the perms you listed because (1) there is nothing in there that important; so what if someone steals your desktop config
I have compiled KDE (from original source) on other platforms (SuSE) and the default permissions of ~/.kde are always 700. It's Mandrake which seems to do things differently. Also, there is lots of important and private stuff in ~/.kde like:

- SSL certificates obtained during accessing secure sites (say, for banking and credit card purchases)

- cookies that allow automatic login

- stored passwords

- your personal bookmarks

- history of websites visited

- files downloaded (thru KDE) using http/ftp

Only spyware needs "features" like this. Obviously, you could argue that some files (in .kde) may be more open than others. But that will require a lot of book-keeping which can be avoided by a simple 700 mode for .kde.

 

I'd rather be able to have one user see another user's directories since i use more than one distro but want the desktops to look/behave similarly
That is the particular user's choice, not the same as the installation default. And I do not know how many users would like others to see their SSL certificates and information about their credit card purchases.

 

And the ~/.kde permissions look quite ironic since even in the lowest security level (standard), I can't view a system file like /var/log/XFree86.0.log without being root. Why does a system become insecure if I can see my own X log? I guess that is a "feature" too.


I have compiled KDE (from original source) on other platforms (SuSE) and the default permissions of ~/.kde are always 700. It's Mandrake which seems to do things differently.

i didn't say that this was the kde default i said that i thought it was a feature. I know for one that suse puts the permissions so that it's unreadable by others. I also know that debian has a nice feature (which would make everyone here happy) to make the home directory world readable or private at install time.

Also, there is lots of important and private stuff in ~/.kde like:

- SSL certificates obtained during accessing secure sites (say, for banking and credit card purchases)

- cookies that allow automatic login

- stored passwords

- your personal bookmarks

- history of websites visited

- files downloaded (thru KDE) using http/ftp

Only spyware needs "features" like this. Obviously, you could argue that some files (in .kde) may be more open than others. But that will require a lot of book-keeping which can be avoided by a simple 700 mode for .kde.

bookmarks, history of websites, and cookies aren't things i consider to be private (although i see how this could be :D ) and the passwords are encrypted (not just in a file anyone can read like, say, what gaim does) But i see how this could be a problem. I used to be paranoid about all this stuff when i ran windows. Since moving to the light however i've had more trust in my OS provider. For people who actually have more than one person using a computer, it does pose a potential problem.

And I do not know how many users would like others to see their SSL certificates and information about their credit card purchases.

 

And the ~/.kde permissions look quite ironic since even in the lowest security level (standard), I can't view a system file like /var/log/XFree86.0.log without being root. Why does a system become insecure if I can see my own X log? I guess that is a "feature" too.

i don't know how important ssl certificates are but i don't give a rat's patootie about 'em but as you said, that's just me. I have been puzzled as to why only root can view the things in /var/log though. Anyone have any thoughts on this?


Guest davebsr

Hope you guys are still reading...

 

my ~/.kde contains jack squat. No biggie. maybe ssl certs are in there, i don't know...but if it bugs you too much, just chmod -R 700. You probably will want to check user masks - after all, it's you that is creating the file(s)!

 

Secondly, Logs are created by whoever runs the program, and permissions are based on that user's umask. So, if root runs X, the log belongs to root. But if you default init to 3 (console) and startx as a user, the log will be readable by you, because you started X.

 

A lot of it is based on MDK's security settings that you set up at startup. It's not like it's not configurable! if you don't like it, it's super-easy to change.


Where is the problem?

 

There is no problem at all with KDE and ~/.kde having 755 permissions. Don't you believe me? Go and type "umask" in a term; you'll see that your user's default umask is 0002 (translated into permissions this means: 664 for files and 775 for dirs), which is very, very, very unsecure!!! But it is an unsecure umask if you intend to store your 'secret' files in wide open directories such as /tmp!

Nobody can read your ~/.kde files because nobody is able to access your home directory. That is where the security is high (do an "ls -ld ${HOME}"). Your home dir permissions are 700.

If a guy is able to break into your home directory then you are lost; further protection is unnecessary.

 

:D


i don't know how important ssl certificates are but i don't give a rat's patootie about 'em but as you said, that's just me.
It's not what you give but what the system gives up that matters.

 

my ~/.kde contains jack squat. No biggie. maybe ssl certs are in there, i don't know...but if it bugs you too much, just chmod -R 700. You probably will want to check user masks - after all, it's you that is creating the file(s)!
I know that chmod -R 700 is all that is required but I am not looking for that sort of advice. I want people to know about the default insecure settings.

 

Secondly, Logs are created by whoever runs the program, and permissions are based on that user's umask. So, if root runs X, the log belongs to root. But if you default init to 3 (console) and startx as a user, the log will be readable by you, because you started X.
I have verified that to be true for LM9.1. Note that this was not the case in LM9.0, where you just could not view your own log even if you ran X from run-level 3. In LM9.1, there is a bug too (for run-level 3). If you startx from a console you will be able to view the X log file from within X. Now, switch console and log in from the other console (as the same user) but do not start another X display. This second login automatically makes the X log file unreadable by changing ownership from
-rw-rw-r--    1 root     ndeb        29466 Apr  6 13:21 /var/log/XFree86.0.log

to

-rw-r-----    1 root     adm         29866 Apr  6 14:12 /var/log/XFree86.0.log

for the rest of the X session.

 

Nobody can read your ~/.kde files because nobody is able to access your home directory. That is where the security is high (do an "ls -ld ${HOME}"). Your home dir permissions are 700.
The default permissions for $HOME (standard security install) are 755. Obviously, you can secure ~/.kde without making $HOME 700 simply by making ~/.kde 700, which is all I want as the default.

 

I just noted that ~/.kderc has 600 permissions!! It seems that even the minimum logic has not been applied to set permissions in Mandrake KDE.

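The disagreement in the thread turns on which directory's mode bits actually stop another local user: a 755 ~/.kde is reachable when $HOME is 755 and shielded when $HOME is 700. The script below is an added example, not code from any poster; it checks only the "other" permission bits (no ACLs, no group membership), assumes GNU stat, and its function names and scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example. Looks at mode bits only (no ACLs, no group membership).
# Assumes GNU coreutils stat(1); all function names are illustrative.

# Print the last octal digit of a path's mode: the bits for the "other" class.
other_bits() {
    mode=$(stat -c %a "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# Succeed if users in the "other" class can get into directory $1.
# $1 itself must grant them r or x, and every ancestor up to and including
# $2 (default /) must grant x; one closed ancestor protects everything below.
reachable_by_others() {
    dir=$(cd "$1" && pwd -P) || return 2
    top=$(cd "${2:-/}" && pwd -P) || return 2
    bits=$(other_bits "$dir") || return 2
    [ $((bits & 5)) -ne 0 ] || return 1
    while [ "$dir" != "$top" ] && [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        bits=$(other_bits "$dir") || return 2
        [ $((bits & 1)) -ne 0 ] || return 1
    done
    return 0
}

# Default modes a umask yields: new files start from 666, directories from 777.
modes_from_umask() {
    mask=$((0$1))
    printf '%03o %03o\n' $((0666 & ~mask)) $((0777 & ~mask))
}

# Constructed scenario: a scratch "home" holding a .kde directory, tried with
# the three $HOME/.kde mode combinations argued over in the thread.
demo() {
    home=$(mktemp -d) && mkdir "$home/.kde" || return 2
    for pair in 755:755 700:755 755:700; do
        chmod "${pair%:*}" "$home"
        chmod "${pair#*:}" "$home/.kde"
        if reachable_by_others "$home/.kde" "$home"; then r=EXPOSED; else r=private; fi
        printf 'HOME=%s .kde=%s -> %s\n' "${pair%:*}" "${pair#*:}" "$r"
    done
    rm -rf "$home"
}

demo
modes_from_umask 0002
```

To audit a real account, call `reachable_by_others "$HOME/.kde"` with no second argument so the walk continues up to `/`.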