Re: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
From: Willi Mann <foss-ml@wm1.at>
Date: Wed, 19 May 2010 22:51:25 +0200
Message-id: <[🔎] ht1j0f$m8o$1@dough.gmane.org>
References: <[🔎] 4BE830C8.5050009@gmail.com> <[🔎] 20100510162317.GI2652@radis.liafa.jussieu.fr> <[🔎] 87fx1ykjrt.fsf@windlord.stanford.edu> <[🔎] hsn1gf$cst$1@dough.gmane.org> <[🔎] 4BEFFA02.8000202@gmail.com> <[🔎] 87pr0vg07c.fsf@windlord.stanford.edu> <[🔎] alpine.DEB.1.10.1005170103200.6247@kolmogorov.unex.es> <[🔎] 84d3wvj7e5.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005171419450.12903@kolmogorov.unex.es> <[🔎] 844oi6k7x6.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005191903510.17907@cantor.unex.es>

Hi!

> Some people proposed complex code to determine whether UPG was in use
> for system users. Such thing would be an "exception to the exception"
> and as such I think it would be a bad thing, as it would make things
> a lot more complex without any real gain.

The gain would be a guard against accidental 002 umasks in non-UPG 
environments, which I'm quite sure will happen. Either because admins do not 
read the release notes or because they forget to do the change on one of 
their newly-installed machines despite reading the release notes. 

On the other hand, other distributions already use default 002 umask 
unconditionally and I'm not aware of any complaints. So admins in non-UPG 
environments using these distros seem to be able to cope with it. 

However, there might be stronger expectations about Debian's default 
security-related settings, which might explain the harsh wordings chosen by 
some opponents of this change.

WM

Reply to:

Follow-Ups:
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Julien Cristau <jcristau@debian.org>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Willi Mann <foss-ml@wm1.at>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: APT do not work with Squid as a proxy because of pipelining default
Next by Date: Re: UPG and the default umask
Previous by thread: Re: UPG and the default umask
Next by thread: Re: UPG and the default umask
Index(es):
- Date
- Thread