Ubuntu 18.04.1 and below: Information disclosure through world readable by default home directory permissions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
shadow (Ubuntu) | New | Undecided | Unassigned |
Bug Description
1) Ubuntu 18.04.1
2) package passwd 4.5-1ubuntu1 (shadow)
3)Expected default home directory permissions of 0700 (no one should be able to read anyone else's files - probably required by European GDPR and others).
4) Home directory permissions of the first created user (potential root via sudo) on fresh Ubuntu 18.04.1 installation are 0755 (world read and executable).
useradd -m NEWUSER also creates home directories with 0755 permissions (rx by world).
Creating a new User via GUI also creates home directories with 0755 permissions (rx by world).
The GUI unfortunately creates Documents, Music, Videos, ... with world readable permissions too (on another OS I have seen insecure home directory permissions too, but there at least the subfolders did not have world readable permissions).
Thus every local user can read files created by other local users (security type "Loss of Privacy"). That there are other ways to read non-encrypted files is no excuse for such open permissions.
If, e.g., this was a web server and Apache was badly configured, it could be used to remotely read confidential information without valid credentials too (increases risk and exploitability).
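A way to check a system for the condition described in this report, as an added example that is not part of the original bug report: it lists home directories and their immediate subfolders (Documents, Music, ...) whose mode grants anything to group or other, and can tighten the top-level directories. The function names `audit_homes` and `restrict_homes` are hypothetical, and GNU `find` and `stat` as shipped on Ubuntu are assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): audit home directory permissions.

# audit_homes [BASE] [DEPTH]
# Prints "MODE PATH" for every directory below BASE whose mode grants any
# permission bit to group or other. DEPTH 1 checks only the home directories,
# DEPTH 2 (default) also checks their immediate subfolders.
audit_homes() {
    base=${1:-/home}
    depth=${2:-2}
    # -perm /077 matches when any group/other bit is set (GNU find).
    # -type d does not follow symlinks, so linked directories are skipped.
    find "$base" -mindepth 1 -maxdepth "$depth" -type d -perm /077 \
        -exec stat -c '%a %n' {} +
}

# restrict_homes [BASE]
# Removes all group/other access from each top-level home directory.
# Once the home directory itself has no search (x) bit for others,
# the subfolders are no longer reachable by path for other local users.
restrict_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec chmod go-rwx {} +
}

# Stand-alone use: "sh script.sh --audit [BASE]" or "sh script.sh --restrict [BASE]"
case "${1:-}" in
    --audit)    audit_homes "${2:-/home}" ;;
    --restrict) restrict_homes "${2:-/home}" ;;
esac
```

Review the audit output before running the restrict step: a home directory that is deliberately shared (for example one served by a web server's per-user directory feature) will stop being readable by that service.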
information type: Private Security → Public Security
Seems that I had viewed another bug report and Launchpad ignored the chosen shadow package.