
Re: UPG and the default umask



On Sun, 16 May 2010 18:18:14 -0400, Felipe Sateler <fsateler@gmail.com>
wrote:
> Is there a reason to support non-UPG systems?
Not to force users to use anything that they don't want?


btw: While I stopped at some point commenting on that issue, when I realised
that general security concerns were simply ignored,... I've seen that there
were plans to automatically detect whether a user could have "secure" UPG,
right?

May I suggest the following:
Either:
1) Debian should make this decision fully configurable (whether to use UPG
and which umask _system wide_ (!) or not). Of course it is already
configurable, but I mean something like configuration during the installer
phase, or via debconf in some package where this fits.
At that/those places, when choosing UPG, only the supposedly "secure"
default umasks could be presented and the user could be taught about the
pros and cons of UPGs.

Or:
2) It should be easy to prevent the now ongoing changes (switching default
umask and so on), and for new installations, easy to go back to the old
way.
3) If you make such automatic checks whether a user can have UPGs
"securely", I guess you should take care that these checks are
"dynamic", as a user may change his groups.


btw2: Has there been a final decision whether this UPG-stuff is also
enabled for system users? Especially things like the users from postgresql,
or other daemons?


btw3: As this change seems to be decided, wouldn't it make sense to change
the UMASK value in login.defs and the current documentation that tells
some secure values:
# 022 is the "historical" value in Debian for UMASK when it was used
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#UMASK          022

to the "new" ones with the insecure ones:
# 022 is the "historical" value in Debian for UMASK when it was used
# 002 is the new default for use with user private groups.
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#UMASK          002


Cheers,
Chris.
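
Added example, not part of the original message and not Debian's own code: a sketch of the "dynamic" check from point 3, re-evaluated at every login so that a later group change is picked up. The function name upg_umask, the sample accounts and the criteria used for "secure" (uid equals gid, group name equals user name, nobody else in the group) are assumptions of this example.

```shell
#!/bin/sh
# upg_umask USER [PASSWD_FILE] [GROUP_FILE]
# Prints 002 only if USER's primary group is private right now, else 022.
# Intended use at login (assumption): umask "$(upg_umask "$(id -un)")"
upg_umask() {
    u_name=$1 u_passwd=${2:-/etc/passwd} u_group=${3:-/etc/group}
    # uid:gid of the account; an unknown account gets the restrictive value
    u_ids=$(awk -F: -v u="$u_name" '$1 == u { print $3 ":" $4; exit }' "$u_passwd")
    [ -n "$u_ids" ] || { echo 022; return 0; }
    u_uid=${u_ids%%:*} u_gid=${u_ids##*:}
    # UPG convention: uid == gid
    [ "$u_uid" = "$u_gid" ] || { echo 022; return 0; }
    # name:members of the primary group; its name must equal the user name
    u_gline=$(awk -F: -v g="$u_gid" '$3 == g { print $1 ":" $4; exit }' "$u_group")
    [ "${u_gline%%:*}" = "$u_name" ] || { echo 022; return 0; }
    # the member list must be empty or contain only the user
    case "${u_gline#*:}" in
        ""|"$u_name") ;;
        *) echo 022; return 0 ;;
    esac
    # no other account may have this gid as its primary group
    u_others=$(awk -F: -v u="$u_name" -v g="$u_gid" \
        '$4 == g && $1 != u { n++ } END { print n + 0 }' "$u_passwd")
    [ "$u_others" -eq 0 ] || { echo 022; return 0; }
    echo 002
}

# Constructed sample data (invented accounts, for illustration only)
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:100::/home/carol:/bin/sh
EOF
cat > "$demo_dir/group" <<'EOF'
users:x:100:
alice:x:1000:
bob:x:1001:carol
EOF
# alice: private group; bob: carol was added to his group; carol: shared gid
for u in alice bob carol; do
    printf '%s -> umask %s\n' "$u" \
        "$(upg_umask "$u" "$demo_dir/passwd" "$demo_dir/group")"
done
```

Because the group data is read at each call, removing carol from bob's group changes bob's result back to 002 at his next login.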

