Fwd: Re: 2.4 kernels - security hole?
Thought I'd forward this to -devel, just FYI.
It seems kernels >=2.4.3 start up with umask set to 000 instead of 022.
|>If I have understood the man pages, it looks as though the simplest
|>solution would be to use an initscript.
|Correct. I tested and implemented that solution today, and wonder why
|none of the common distributions (I'm with Debian potato, colleagues
|checked SuSE and Slackware) use an initscript.
|This /etc/initscript works for me:
| umask 022
| export PATH
| eval exec "$4"
|To verify the umask change, and later verify the fix, put into /etc/inittab
| xx:2:wait:/bin/touch /tmp/testfile
|Follow with "init Q", then look at the permissions of /tmp/testfile.
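
Added example, not part of the forwarded message: a small shell check that automates the "touch a file, then look at its permissions" step described above. The function names are hypothetical, the sample files are constructed in a temporary directory, and GNU `stat -c %a` is assumed.

```shell
#!/bin/sh
# Added example: interprets the result of the inittab "touch" test.

# Print the octal mode a file gets when created by touch under the given umask.
mode_under_umask() {
    dir=$(mktemp -d) || return 2
    # Subshell, so the caller's own umask is left untouched.
    ( umask "$1" && touch "$dir/testfile" ) || { rm -rf "$dir"; return 2; }
    stat -c %a "$dir/testfile"      # assumption: GNU coreutils stat
    rm -rf "$dir"
}

# Return 0 if the file is writable by group or others (what umask 000 yields),
# 1 if it is not, 2 if the file cannot be examined.
is_group_or_world_writable() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 2
    # A leading 0 makes the shell read the mode as octal; 022 = g+w and o+w.
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Report on a test file such as the /tmp/testfile created from inittab.
check_testfile() {
    rc=0
    is_group_or_world_writable "$1" || rc=$?
    case $rc in
        0) echo "FAIL $1: group/world-writable, creator ran with a permissive umask"
           return 1 ;;
        1) echo "OK   $1: not group/world-writable"
           return 0 ;;
        *) echo "UNKNOWN $1: cannot stat"
           return 2 ;;
    esac
}

# Constructed demonstration: the mode touch produces under each umask.
for m in 000 022; do
    echo "umask $m -> new file mode $(mode_under_umask "$m")"
done
```

After "init Q" has run the inittab entry, `check_testfile /tmp/testfile` gives the verdict for the real system; remove the file before re-testing, since touch does not change the mode of an existing file.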