My perception was that the consensus reached was that we wanted umask relaxation to be safe.
Bug#583970: pam_umask "usergroups": test if primary group, with only implicit membership of the user

Closed on Sun, 6 Jun 2010 15:32:43 -0700:

> I don't think this is a check that it makes sense to add to
> pam_umask. This isn't part of the *definition* of user-private
> groups, it's just a feature of the most common *implementation* of
> UPG.

IMHO the same holds true for the username and user-ID checks in place, they are not strictly required for a UPG implementation.

Whether the group can be considered to be a private group (and be granted write permissions) is ultimately only determinable by the user looking at and knowing/trusting the members of his primary group.

What distros do is, they add certain properties to UPGs to be able to recognize the UPGs that are set up by their tools.

Completing the set of checks to match the set of properties of distro's UPG implementation increases the security of the common implementation of UPGs. It eliminates the cases of insecure umask relaxation!

Because the set of checks is incomplete (does not cover the specific properties added) I'd even consider it a security relevant bug, not only a wishlist item.

Even if the check would not be enabled by default upstream, Debian could (and according to the articulated security concerns, Debian probably should) enable it, because Debian's UPG implementation supports those UPG properties. (Well, at least the one that is checked with the above test. The UID==GID alignment will be fixed.)

Cheers,
Christian
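An added illustration, not part of the original message and not pam_umask's own code: the checks discussed above (group name equals username, UID equals GID, and a primary group with no explicitly listed members), evaluated over constructed passwd/group data. The function names, the sample accounts, and the fourth check (no other account uses the same GID as its primary group) are assumptions of this example.

```python
# Constructed sample data in passwd(5) / group(5) format (not from a real system).
SAMPLE_PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash
eve:x:1004:1003:Eve:/home/eve:/bin/bash
"""
SAMPLE_GROUP = """\
alice:x:1000:
bob:x:1001:mallory
users:x:100:
dave:x:1003:
"""

def parse_passwd(text):
    """Return {username: (uid, gid)}."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: (int(f[2]), int(f[3])) for f in rows if len(f) >= 4}

def parse_group(text):
    """Return {gid: (group name, [explicitly listed members])}."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {int(f[2]): (f[0], [m for m in f[3].split(",") if m])
            for f in rows if len(f) >= 4}

def upg_checks(user, passwd_text, group_text):
    """Evaluate each UPG property separately for the user's primary group."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    uid, gid = users[user]
    gname, members = groups.get(gid, (None, []))  # a missing group fails the checks
    return {
        "name_matches": gname == user,            # username check
        "uid_equals_gid": uid == gid,             # user-ID check
        # Proposed test: membership is implicit only (empty member list).
        "no_explicit_members": gname is not None and not members,
        # Assumption of this example: nobody else has this GID as primary group.
        "no_other_primary_user": all(g != gid for n, (_, g) in users.items()
                                     if n != user),
    }

def safe_to_relax(user, passwd_text=SAMPLE_PASSWD, group_text=SAMPLE_GROUP):
    """True only if every check passes, i.e. group write access reaches no one else."""
    return all(upg_checks(user, passwd_text, group_text).values())

if __name__ == "__main__":
    for name in parse_passwd(SAMPLE_PASSWD):
        print(name, safe_to_relax(name), upg_checks(name, SAMPLE_PASSWD, SAMPLE_GROUP))
```

In the sample data, bob passes the name and ID checks yet fails the membership test, which is the case the message calls insecure umask relaxation.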