Scope of Debian’s /home/loser is with permissions 755, default umask 002

Posted by Georgi Guninski on Nov 12

On Debian /home/loser is with permissions 755, default umask 0022

(If you don’t understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks much.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source