Scope of Debian’s /home/loser is with permissions 755, default umask 002

November 13, 2020

Posted by Georgi Guninski on Nov 12

On Debian /home/loser is with permissions 755, default umask 0022

(If you don’t understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks much.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source

You may have missed

image 1

CVE Alert: CVE-2024-11362

November 24, 2024
image 1

CVE Alert: CVE-2024-10874

November 24, 2024
image 1

CVE Alert: CVE-2024-10961

November 24, 2024
image 1

CVE Alert: CVE-2024-10886

November 24, 2024
image 1

CVE Alert: CVE-2024-10869

November 24, 2024