setgid umask override versus global umask change

To: debian-devel@lists.debian.org
Subject: setgid umask override versus global umask change
From: Mike Bird <mgb-debian@yosemite.net>
Date: Sun, 30 May 2010 09:44:49 -0700
Message-id: <[🔎] 201005300944.50893.mgb-debian@yosemite.net>

What, I wonder, would be the consequences of setgid directories
overring umask, rather than a system wide umask change?

We could leave umask set to 0022 but when creating files and
directories in setgid directories the 0020 bit of the umask
would itself be masked out.

This would seem to localize the change to where it is needed,
thus reducing the possibility for accidental security holes.

Setgid already does much wierdness.  Adding this small extra
wierdness would not be inelegant.

This would seem to be a trival kernel patch, whether implemented
alone or together with a /sys control to enable/disable it.

Can anyone see any downside?

--Mike Bird

Reply to:

Follow-Ups:
- Re: setgid umask override versus global umask change
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: setgid umask override versus global umask change
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
- Re: setgid umask override versus global umask change
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Archive area for clamz (Amazon MP3 downloader)
Next by Date: same UIDs across multiple systems
Previous by thread: Re: [SOLVED] Unbootable after kernel upgrade: Lilo can't load kernel
Next by thread: Re: setgid umask override versus global umask change
Index(es):
- Date
- Thread