On Tuesday 23 September 2008, Ovid wrote:
> --- On Tue, 23/9/08, Shlomi Fish <[EMAIL PROTECTED]> wrote:
> > The default Mandriva umask appears to be 0002.
>
> That surprised me, so I googled "default mandriva umask". All the
> references I found say the default umask is 0022 ... unless ...
>
> Mandriva offers a tool to control security settings. It's called "Msec":
>
> http://wiki.mandriva.com/en/Msec
> http://is.gd/2Zzk
>
> Msec offers 7 security levels. Level 0 ("The user should not be allowed to
> own a computer") is very insecure (not even a password), and Level 6 comes
> with its own tinfoil hat. As it turns out, those different security levels
> correspond to different umasks, as detailed here:
>
> http://www.brunolinux.com/07-Security/Mandriva_Security_Settings.html
> http://is.gd/2Zzn
>
> The only levels which provide a default umask of 0002 are levels 0 and 1,
> both of which are *NOT* recommended, but if that's what you say your
> default is, I can only wonder how, exactly, you managed to get your system
> in that state. (In fact, distributions generally default to level 3, which
> has a default umask of 0022.)

My /etc/sysconfig/msec reads:
{{{{{{{{{
UMASK_ROOT=022
SECURE_LEVEL=3
UMASK_USER=022
TMOUT=0
}}}}}}}}}
So it should be OK, but it's not. Even if I log in from the console as a
different user, for which I did not set the umask explicitly, I see he has a
umask of 0002. Maybe it's the doing of one of the files in /etc.

>
> Of course, even as Eric pointed out, a umask of 0002 still masks the world
> writeable permissions, so I still don't see how you're getting there and if
> you've configured your system to give *you* a umask of 0022, then you still
> shouldn't be getting the warnings you're getting. I don't understand how
> this arose, but I'd be curious to find out how.

OK. I'll investigate.

Regards,
Shlomi Fish
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
What Makes Software Apps High Quality - http://xrl.us/bkeuk
Shlomi, so what are you working on? Working on a new wiki about unit testing
fortunes in freecell? -- Ran Eilam
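
An added example, not part of the original message: a small shell check for the two questions raised in this thread, namely which login-time files set a umask and whether a given umask leaves new files world-writable. The list of files searched and the `profile.d/constructed.sh` override are assumptions for illustration; only `/etc/sysconfig/msec` and its values come from the message.

```sh
#!/bin/sh
# Added example (not from the thread). Checks which login-time files set a
# umask and what mode a new file ends up with under that umask.

# find_umask_settings ROOT: print "file:line:text" for each non-comment
# umask setting under ROOT (use / for the live system). The file list is an
# assumption about where a Linux login shell picks up its umask.
find_umask_settings() {
    root=${1%/}
    for f in "$root/etc/profile" "$root/etc/bashrc" "$root/etc/login.defs" \
             "$root/etc/sysconfig/msec" "$root"/etc/profile.d/*.sh; do
        [ -f "$f" ] || continue
        # /dev/null as a second file makes grep always print the file name.
        grep -inE '^[^#]*umask' "$f" /dev/null || :
    done
}

# effective_mode REQUESTED UMASK: requested bits with the umask bits cleared.
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# world_writable MODE: succeeds if the "other" write bit (0002) is set.
world_writable() {
    [ $(( 0$1 & 02 )) -ne 0 ]
}

# Demo on a constructed tree: msec says 022, while a hypothetical profile.d
# script (constructed for this example) overrides it with 002.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/sysconfig" "$t/etc/profile.d"
    printf 'UMASK_ROOT=022\nSECURE_LEVEL=3\nUMASK_USER=022\n' > "$t/etc/sysconfig/msec"
    printf '# umask 022\n' > "$t/etc/profile"
    printf 'umask 002\n' > "$t/etc/profile.d/constructed.sh"
    find_umask_settings "$t"
    for u in 002 022; do
        m=$(effective_mode 666 "$u")
        if world_writable "$m"; then w=yes; else w=no; fi
        echo "umask $u: new file mode $m, world-writable: $w"
    done
    rm -rf "$t"
}
demo
```

Run `find_umask_settings /` to search the live system instead of the constructed tree.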