Fwd: Re: 2.4 kernels - security hole?

Thought I'd forward this to -devel, just FYI.
It seems kernels >=2.4.3 start up with umask set to 000 instead of 022.

|>If I have understood the man pages, it looks as though the simplest
|>solution would be to use an initscript.
|Correct. I tested and implemented that solution today, and wonder why
|none of the common distributions (I'm with Debian potato, colleagues
|checked SuSE and Slackware) use an initscript.
|This /etc/initscript works for me:
|	umask 022
|	PATH=/bin:/sbin:/usr/bin:/usr/sbin
|	export PATH
|	eval exec "$4"
|To verify the umask change, and later verify the fix, put into /etc/inittab
|	xx:2:wait:/bin/touch /tmp/testfile
|Followed by "init Q", then look at the permissions of /tmp/testfile.
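
What the "look at the permissions" step should show, as an added example that is not part of the original thread: touch asks for mode 0666, so a file created under umask 000 comes out group- and world-writable, while under 022 it does not. The function names and the scratch directory are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are hypothetical.

# perms_under_umask MASK
# Create a file with touch(1) under the given umask, in a scratch directory,
# and print the ten-character permission string that "ls -l" reports.
perms_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1"; touch "$dir/testfile" )
    perms=$(ls -l "$dir/testfile" | cut -c1-10)
    rm -rf "$dir"
    printf '%s\n' "$perms"
}

# classify PERMS
# Position 6 of the string is the group write bit, position 9 the world
# write bit. Either one set means the creating process had a permissive umask.
classify() {
    case $1 in
        ?????w????|????????w?) echo "writable-by-others" ;;
        *)                     echo "ok" ;;
    esac
}

# check_file PATH
# Classify an existing file, e.g. the /tmp/testfile created by the
# inittab test line quoted above.
check_file() {
    classify "$(ls -l "$1" | cut -c1-10)"
}

# Demonstration: the umask init is reported to start with, then the usual 022.
for mask in 000 022; do
    p=$(perms_under_umask "$mask")
    printf 'umask %s -> %s (%s)\n' "$mask" "$p" "$(classify "$p")"
done
```

On an affected system "check_file /tmp/testfile" reports writable-by-others before /etc/initscript is installed, and ok once the file has been removed and recreated by init afterwards.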


