Bug#115108: liblockdev1: questionable and useless umask(0)
Package: liblockdev1
Version: 1.0.1-3
Severity: important
Hi,
liblockdev creates device lockfiles with full permissions using umask(00).
A quote from the changelog:
> * added change in umask value to allow full permissions to lock
> files. (this is questionable: would it be better to add a
> suid program to check and remove dangling locks?)
This is in fact questionable and even useless as the directory /var/lock/
is ususally sticky. So only root can delete foreign dangling locks anyway.
Suggestion: Remove umask(2) calls and leave removal of foreign dangling
locks to the system admin.
-- System Information
Debian Release: testing/unstable
Kernel Version: Linux electra 2.4.10-686 #1 Sat Sep 29 19:30:50 EST 2001 i686 unknown
Versions of the packages liblockdev1 depends on:
ii libc6 2.2.4-3 GNU C Library: Shared libraries and Timezone
Reply to: