Re: setgid umask override versus global umask change

To: debian-devel@lists.debian.org
Subject: Re: setgid umask override versus global umask change
From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
Date: Sun, 30 May 2010 20:25:55 +0200
Message-id: <20100530202555.26181f99c.gatzemeier@tu-bs.de@tu-bs.de>
In-reply-to: <[🔎] 201005300944.50893.mgb-debian@yosemite.net>
References: <[🔎] 201005300944.50893.mgb-debian@yosemite.net>

Am Sun, 30 May 2010 09:44:49 -0700
schrieb Mike Bird <mgb-debian@yosemite.net>:
 
> This would seem to be a trival kernel patch, whether implemented
> alone or together with a /sys control to enable/disable it.
> 
> Can anyone see any downside?

I guess the interface would be quite different. Checking the current
umask and overriding it if needed are standard procedures for apps.

Other than that, it seems it would not allow shared access to $HOME
or files in any other non-sgid directories with a multiple member
private group.

Do you see a security hole in granting user permission for the group
after the suggested UPG tests (instead of a global umask change)? 

Cheers,
Christian

Reply to:

References:
- setgid umask override versus global umask change
  - From: Mike Bird <mgb-debian@yosemite.net>

Prev by Date: Re: same UIDs across multiple systems
Next by Date: Re: same UIDs across multiple systems
Previous by thread: Re: setgid umask override versus global umask change
Next by thread: Re: setgid umask override versus global umask change
Index(es):
- Date
- Thread