
Re: access rights in /sbin and /bin [Update]



On Wednesday 10 December 2008 07:04:50, hendrik@topoi.pooq.com wrote:
> On Mon, Dec 08, 2008 at 10:33:02AM -0500, Lennart Sorensen wrote:
> > On Sun, Dec 07, 2008 at 04:11:04PM +0100, Hans-J. Ullrich wrote:
> > > thanks for the list. I checked and found out, that a lot of binaries in
> > > /sbin got permissions to rwxr-xr-- (root:root), but they should have
> > > rwxrwxr-x. I wondered, as I never changed the rights manually in the
> > > past and I am sure, I have not been hacked. So there is only one
> > > explanation: an application must have changed it. Does someone know,
> > > which application is changing rights of binaries below /sbin ? I
> > > suppose, it is either bastille (which I installed and deinstalled a
> > > long time ago) or selinux (which I still installed).
> > >
> > > Please, which manual did I miss to read ???
> >
> > So far the only thing I have ever seen that causes that is silly people
> > who mess with the umask of the root user (which causes dpkg to make lots
> > of mistakes).
>
> Perhaps dpkg shouldn't rely on the umask of the root user?  Perhaps it
> should set it itself?  Could this be considered a dpkg bug?

It does indeed sound reasonable that dpkg doesn't rely on root's umask. I don't
want root to have a umask of 022 because usually I don't want users to read
root's files by default. Even if most of the time it's not a security issue, I
don't want these files to be readable by users by default in case I forget to
restrict the rights of sensitive files.

Furthermore, AFAIK files in /bin, /sbin and other bin directories aren't
created, they are untarred, so the rights of these files are the rights they
had when tarred by the Debian maintainer of the package.

>
> -- hendrik
>
> > So if you ever set a umask for your root user, well don't and reinstall
> > every affected package to fix the permissions.
> >
> > --
> > Len Sorensen


Greetings,

Thomas Preud'homme

-- 
Why debian : http://www.debian.org/intro/why_debian
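
Added example, not part of the original message or of dpkg: a shell sketch of the distinction discussed in this thread, where the umask masks the mode of a newly created copy while a mode-preserving copy keeps the original bits, plus a check that lists executables lacking read/execute for others. It uses `cp` as a stand-in and does not reproduce dpkg's extraction; it assumes GNU `stat`, and the function names and temporary files are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: umask vs. preserved modes, and an audit of bin directories.

# copied_mode UMASK plain|preserve
# Copies a 0755 file under the given umask and prints the mode of the copy.
# "plain" creates a new file (mode is masked by the umask);
# "preserve" uses cp -p (mode is taken from the source, umask ignored).
copied_mode() {
    (
        work=$(mktemp -d) || exit 1
        umask 022
        printf '#!/bin/sh\n' > "$work/src"
        chmod 755 "$work/src"
        umask "$1"
        if [ "$2" = preserve ]; then
            cp -p "$work/src" "$work/dst"
        else
            cp "$work/src" "$work/dst"
        fi
        mode=$(stat -c '%a' "$work/dst")   # GNU stat assumed
        rm -rf "$work"
        printf '%s\n' "$mode"
    )
}

# find_restricted_bins DIR...
# Lists regular files that are executable by their owner but are not both
# readable and executable by "other" (e.g. rwxr-xr-- instead of rwxr-xr-x).
# -H follows DIR itself when it is a symlink (merged /usr layouts).
find_restricted_bins() {
    find -H "$@" -type f -perm -100 ! -perm -005 2>/dev/null | sort
}

echo "umask 022, plain copy:    $(copied_mode 022 plain)"
echo "umask 027, plain copy:    $(copied_mode 027 plain)"
echo "umask 027, preserve mode: $(copied_mode 027 preserve)"
echo "Executables in /sbin and /bin not usable by 'other':"
find_restricted_bins /sbin /bin
```

Any path printed by the last command is a candidate for comparison against the mode recorded in its package, for example with `dpkg -c` on the package's .deb file.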
