Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6170
| From | Paul Wise <pabs@debian.org> |
|---|---|
| Newsgroups | linux.debian.security |
| Subject | Re: Vulnerability in pcs or is it in more generic code? |
| Date | 2022-09-06 03:10 +0200 |
| Message-ID | <F2vgd-5A8U-5@gated-at.bofh.it> (permalink) |
| References | <F2vgd-5A8U-7@gated-at.bofh.it> <F2qqd-5x85-5@gated-at.bofh.it> |
| Organization | Debian |
[Multipart message — attachments visible in raw view] - view raw
On Mon, 2022-09-05 at 21:38 +0200, Ola Lundqvist wrote: > I agree that it is good to fix the pcs package, but shouldn't we fix > the default umask in general? > I would argue that the default umask is insecure. bookworm login sets new user home directories to secure permissions: $ grep -E 'HOME_MODE\s*[0-9]' /etc/login.defs #HOME_MODE 0700 This somewhat mitigates, but not completely, the umask being insecure: $ grep -E 'UMASK\s*[0-9]' /etc/login.defs UMASK 022 I can't find any bugs open about changing the default umask, but it was mentioned in replies to the recent adduser thread: https://lists.debian.org/msgid-search/YieJALY0ny0+07pw@torres.zugschlus.de -- bye, pabs https://wiki.debian.org/PaulWise
Back to linux.debian.security | Previous | Next — Previous in thread | Next in thread | Find similar
Vulnerability in pcs or is it in more generic code? Ola Lundqvist <ola@inguza.com> - 2022-09-05 22:00 +0200
Re: Vulnerability in pcs or is it in more generic code? Paul Wise <pabs@debian.org> - 2022-09-06 03:10 +0200
Re: Vulnerability in pcs or is it in more generic code? Ola Lundqvist <ola@inguza.com> - 2022-09-09 23:10 +0200
Re: Vulnerability in pcs or is it in more generic code? Paul Wise <pabs@debian.org> - 2022-09-10 03:40 +0200
Re: Vulnerability in pcs or is it in more generic code? Ola Lundqvist <ola@inguza.com> - 2022-09-10 23:50 +0200
csiph-web