Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling
On 02/08/16 23:57, Ola Lundqvist wrote:
> Hi Chris
> The reason I do not simply set the umask to a fixed value is to use the same
> principle as upstream. That is honor the umask set bu the user. There may be
> reasons why group read and/or write should be set for example.
> I agree with upstream that the umask should be honored, but not as strictly as
> upstream do. This is why I just override the "world readable" part and let the
> rest be controlled by the user.
> In the working patch you can see that I also set back the umask (just a little
> further down in the file) as it was to just change this specific case of logging.
> More clear now?
What do other programs do for similar files? My .bash_history is 0600 even
though my umask is 0022. Having a umask that allows other users to read your
files by default doesn't mean sensitive-information should be made available. So
perhaps you should ignore if the umask allows the group to read files?