lynx-dev a word from on high

[Philip Webb]

981009 NHE & TD commented on our system security:
>>>  ls -ld /homefs/u7/purslow  gives: 
>>>   
>>> drwx--x--x    9 purslow  user         512 Oct  9 07:53 /homefs/u7/purslow 
>>        ^  ^ 
>> As an amateur, I find this curious.  I have always made permissions 
>> on private accounts 700.  With a setup like this, couldn't a person 
>> logged on to that system exec any of the programs under that directory, 
>> e.g., run the private image of lynx within that directory? 
> yes - IF they know where it is.
 
the CHASS sysadmin has replied to my questions very promptly:

(1) why are user home directories world-executable?

reply> A directory being world executable does not mean that programs
> in that directory (or its subdirectories) can be executed by others.
> Access to files (incl programs) is governed by their own set of permissions.
> It may sound a bit confusing, but world executable directories are needed
> solely to gain access to directories (not to files in those directories).
> Now, if you have your web site on  ~purslow , that translates
> to  /homes/purslow/public_html : without  /homes/purslow  being
> world executable, nobody would be able to access your personal web pages.
> Within  /homes/purslow  you can create any number of subdirectories
> as  700  (ie  rwx------ ), and nobody will have access to them.
> Even within the home directories, your files can be made  600  or  700
> (ie  rw-------  or  rwx------ ) & again nobody will be able to access them.

(2) why is  /homes/purslow  a symbolic link (i knew this one already)?

> Every user has a home directory on a file system, in your case  /homefs/u7
> Because there are many such file systems on many physical disks
> (and some file systems even span more than one physical disk),
> the standard way of expressing a home directory is by  /homes/userid ,
> which means every user is listed in  /homes , from which a symbolic link
> points to the actual file system where that home directory is mounted.
> This way we can move disks around, create & delete various file systems etc
> & users will still be able to refer to their home directories
> in a constant manner (ie via  /homes/userid ).

(3) why is there a link-to-a-link?

> Oh, but this should be absolutely irrelevant to any program accessing
> your home directory as /homes/purslow.  Symbolic links are resolved
> internally by the operating system (NOT by the application).
>  /homes  could have been put anywhere, depending on where we had disk space
> during various reorganizations of file systems.  The whole idea
> of a logical home directory is to isolate users from this kind
> of dependencies.  I can't think of a program that would have problems
> with symbolic links.
>
> To specifically answer your question, consider a situation when you are
> rebuilding the root directory ( / ), but don't want users to be affected.
>  /homes  is made to point elsewhere (eg to  /var  file system),
> where user home directories are placed, many of them actually dispersed
> accross other file systems (thus the second link).  Still, I don't see
> why such things should be of any interest to you (or any other user).
> It's like asking how Canada Post maps your postal code to actual address:
> whether they go through "one link" or many, should be absolutely irrelevant
> to you as long as your letters are delivered.

so where's the potential security hole i'm being protected against
by the piece of programming which prevented my saving  .lynxrc ?

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto