Your message dated Sat, 1 Jan 2011 19:05:20 +0100 with message-id <20110101180520.GX2813@radis.liafa.jussieu.fr> and subject line Re: Bug#581729: [SQUEEZE] Document the umask change for new installs has caused the Debian Bug report #581729, regarding [SQUEEZE] Document the umask change for new installs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 581729: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581729 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [SQUEEZE] Document the umask change for new installs
- From: Andrei Popescu <andreimpopescu@gmail.com>
- Date: Sat, 15 May 2010 14:16:43 +0300
- Message-id: <20100515111643.GF19171@think.homelan>
- In-reply-to: <20100515064129.GJ3444@mykerinos.kheops.frmug.org>
- References: <20091123233240.GB3498@rivendell> <20091124014626.GD29774@kunpuu.plessy.org> <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <1273881425.31170.28.camel@fermat.scientia.net> <87wrv6vx2y.fsf@windlord.stanford.edu> <1273884940.31170.81.camel@fermat.scientia.net> <87sk5tzqmb.fsf@windlord.stanford.edu> <20100515064129.GJ3444@mykerinos.kheops.frmug.org>
Package: release-notes Severity: whishlist Tags: squeeze X-Debbugs-CC: debian-devel@lists.debian.org On Sat,15.May.10, 08:41:29, Christian PERRIER wrote: > More generally speaking, this umask change probably deserves to be > mentioned in the Release Notes....along with a good rationale about > why, no, this isn't Debian giving up to years of being security-wise. Suggested text: --- The default 'umask' for new installs is changed =============================================== Starting with base-files version 5.4 the default umask for new installs is 0002 instead of 0022 for regular users (system users, like the ones used for various daemons and services are not affected). The new umask is more useful on systems where normal users are by default members of an own private group, which no other user belongs to. Such a scheme is known as 'User Private Groups' (UPG) and has been the default in Debian for several releases. This change can however create security and/or privacy issues if the system administrator is not aware of it and adds users to the private group of another user. Also, in order to prevent security issues, some software will detect this and refuse to operate when there are other members in the user's private group and relevant files have permissions as created with a umask of 0002. --- Comments welcome. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopicAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Charles Plessy <plessy@debian.org>, 581729-done@bugs.debian.org
- Cc: Andrei Popescu <andreimpopescu@gmail.com>
- Subject: Re: Bug#581729: [SQUEEZE] Document the umask change for new installs
- From: Julien Cristau <jcristau@debian.org>
- Date: Sat, 1 Jan 2011 19:05:20 +0100
- Message-id: <20110101180520.GX2813@radis.liafa.jussieu.fr>
- In-reply-to: <[🔎] 20110101174731.GA539@merveille.plessy.net>
- References: <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <1273881425.31170.28.camel@fermat.scientia.net> <87wrv6vx2y.fsf@windlord.stanford.edu> <1273884940.31170.81.camel@fermat.scientia.net> <87sk5tzqmb.fsf@windlord.stanford.edu> <20100515064129.GJ3444@mykerinos.kheops.frmug.org> <20100515111643.GF19171@think.homelan> <[🔎] 20110101174731.GA539@merveille.plessy.net>
On Sun, Jan 2, 2011 at 02:47:31 +0900, Charles Plessy wrote: > because base-files does not set umask anymore since version 5.7, and > because the default umask is currently 0022 again (through login.defs > and pam_umask), I propose to close this bug. Alternatively, I can > submit a patch to document the above. > Closing. Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---