Re: UPG and the default umask

To: <debian-devel@lists.debian.org>
Subject: Re: UPG and the default umask
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Wed, 19 May 2010 21:48:41 +0000
Message-id: <[🔎] 7f276af2e79987201aa98eaecb317480@imap.dd24.net>
In-reply-to: <[🔎] 4BF4567C.7050202@gmail.com>
References: <[🔎] 4BE830C8.5050009@gmail.com> <[🔎] 20100510162317.GI2652@radis.liafa.jussieu.fr> <[🔎] 87fx1ykjrt.fsf@windlord.stanford.edu> <[🔎] hsn1gf$cst$1@dough.gmane.org> <[🔎] 4BEFFA02.8000202@gmail.com> <[🔎] 87pr0vg07c.fsf@windlord.stanford.edu> <[🔎] alpine.DEB.1.10.1005170103200.6247@kolmogorov.unex.es> <[🔎] 84d3wvj7e5.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005171419450.12903@kolmogorov.unex.es> <[🔎] 844oi6k7x6.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005191903510.17907@cantor.unex.es> <[🔎] ht1j0f$m8o$1@dough.gmane.org> <[🔎] 39a6ceb8f92bb5718dc558d118c572bf@imap.dd24.net> <[🔎] 4BF4567C.7050202@gmail.com>

On Wed, 19 May 2010 15:22:04 -0600, Aaron Toponce
<aaron.toponce@gmail.com>
wrote:
> You've only mentioned that SSH won't operate if the write bit is set on
> the keys or anything under the ~/.ssh/ directory. Can you explain how an
> ssh client failing to connect to an external ssh server because of the
> umask is compromising security on the system?

Simply read the mails and those from the other critics again, it's not
only annoying for myself to repeat things over and over again but also for
everybody else to read it again.
Nevertheless just saying "everything's fine" or "you only complained about
ssh" won't really solve the issues, but just help to wave these changes
through.

> Also, can you please provide an extra carriage return between your reply
> and the quoted text? Reading your replies is a bit annoying.

Any other wishes to please your MUA? Different character encoding? MIME?

> Please explain how people's security is compromised because their umask
> is 0002 instead of 0022. I'm still waiting for this FUD to be backed up.

See above, or do you wish a larger paper discussing the issues?! ^^

Reply to:

Follow-Ups:
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Michael Banck <mbanck@debian.org>

References:
- UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Julien Cristau <jcristau@debian.org>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Willi Mann <foss-ml@wm1.at>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Willi Mann <foss-ml@wm1.at>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>

Prev by Date: Bug#582315: ITP: pyrit-cuda -- NVIDIA CUDA support for Pyrit
Next by Date: Re: snapshot.debian.org implications for you
Previous by thread: Re: UPG and the default umask
Next by thread: Re: UPG and the default umask
Index(es):
- Date
- Thread