The Wednesday 10 December 2008 07:04:50 [EMAIL PROTECTED], you wrote : > On Mon, Dec 08, 2008 at 10:33:02AM -0500, Lennart Sorensen wrote: > > On Sun, Dec 07, 2008 at 04:11:04PM +0100, Hans-J. Ullrich wrote: > > > thanks for the list. I checked and found out, that a lot of binaries in > > > /sbin got permissions to rwxr-xr-- (root:root), but they should have > > > rwxrwxr-x. I wondered, as I never changed the rights manually in the > > > past and I am sure, I have not been hacked. So there is only one > > > explanation: an applicatiopn must have changed it. Does someone know, > > > which application is changing rights of binaries below /sbin ? I > > > suppose, it is either bastille (which I installed and deinstalled a > > > long time ago) or selinux (which i still installed). > > > > > > Please, which manual did i miss to read ??? > > > > So far the only thing I have ever seen that causes that is silly people > > who mess with the umask of the root user (which causes dpkg to make lots > > of mistakes). > > Perhaps dpkg shouldn't rely on the umask of the root user? Perhaps is > should set it itself? Could this be considered a dpkg bug?
It sounds reasonable indeed that dpkg don't rely on root umask. I don't want root to have a umask of 022 because usually I don't want users to read root file by default. Even if most of the time it's not a security issue, I don't want these file to be readable by users by default in case I forget to restrict rights of sensitive files. Furthermore, AFAIK files in /bin, /sbin and other bin directories aren't created, they are untared so that rights of these files are rights they have when tared by the debian maintener of the package. > > -- hendrik > > > So if you ever set a umask for your root user, well don't and reinstall > > every affected package to fix the permissions. > > > > -- > > Len Sorensen > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] Greetings, Thomas Preud'homme -- Why debian : http://www.debian.org/intro/why_debian
signature.asc
Description: This is a digitally signed message part.