[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask

The Fungi <fungi@yuggoth.org> writes:
> On Sat, May 15, 2010 at 02:34:57PM -0700, Russ Allbery wrote:

>> That's a good idea. I'm not sure if all UNIX group systems allow one to
>> ask how many users are a member of a particular group, but if there's a
>> way to ask that question at least in those group systems that support
>> it, the implementation should be fairly straightforward.

> This is racy, unfortunately (at least by itself). Consider a non-UPG
> system which starts with one user... this check passes and files get
> created with group write flagged. Later, subsequent users appear sharing
> that same group and the default umask stops making new files
> group-writeable, but the first user's original files are now able to be
> modified by others (and then his account is immediately at risk of being
> taken over by one of the new users without his knowledge).

> Of course, coupled with other checks like uname==gname, parsing
> login.defs, et cetera, it could add an extra layer of assurance.

Right, exactly.  You also check that username == group name, but it's an
additional check to be sure that the group doesn't just happen to look
like a user private group but isn't.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: