On Mon, Jul 23, 2001 at 04:53:55PM -0400, Dan Christensen wrote:
> I read that certain kernel versions don't set the umask for init
> correctly (2.4.6 is one of them, I think). Does anyone know if
> a Debian system is susceptible to this problem, and if so, which
> files may have been created world-writable?

kernels 2.4.3 - 2.4.6 set the umask to 000 so any thread/process
created by the kernel, including init, started with umask 000 and
remained that way unless init changed it itself.

debian's init does NOT change the umask, and even though there is a
umask 022 in /etc/init.d/rcS that is not enough.

the result is most .pid files in /var/run/* will be created world
writable with 0666 permissions as well as any other file created in
the boot process, including:

(if it did not exist at boot time)
/lib/modules/`uname -r`/modules.dep
this is a gaping root hole.

/etc/modules.conf (if you have alsa-* packages installed which run
update-modules in the initscript). this is another gaping root hole.

there are likely more; it depends on what packages you have installed
with initscripts. since most of them don't alter their umask either in
the initscript or via the program itself, any file created by it will
be world writable; depending on what the file is, it can be a severe
security hole.

solution: switch back to 2.2 kernels or upgrade to 2.4.7 which finally
fixes this and sets the default umask back to 022.

after fixing your kernel it is highly advisable to check your system
for world writable files and make sure any that are found are supposed
to be that way:

    find / -perm +0002 ! -type l ! -type c -ls

the ! -type l ! -type c ignores symlinks (which are always mode 0777)
and character device files (all unused ptys are supposed to be 0666 so
including this in your find will clutter the output to the point of
unusability)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
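The cause and the audit described in the message above, as an added example that is not part of the original post: it recreates the named files under umask 000 in a scratch directory, lists what the find check reports, and clears the world-write bit. The function names, the scratch layout and the `exampled.pid` file are constructed for illustration, and the check is written as `-perm -0002`, the POSIX form that current GNU find accepts in place of `+0002`.

```shell
#!/bin/sh
# Added example. Everything happens under a scratch directory that the
# script creates itself; nothing on the real system is read or changed.

# Create the kinds of files the message names, the way a boot script would,
# under the umask given in $2 (000 = affected kernels, 022 = fixed kernels).
simulate_boot() {
    root=$1 mask=$2
    (umask 022; mkdir -p "$root/var/run" "$root/etc" "$root/lib/modules/test")
    (
        umask "$mask"
        echo 123 > "$root/var/run/exampled.pid"   # constructed daemon name
        : > "$root/lib/modules/test/modules.dep"
        : > "$root/etc/modules.conf"
    )
    ln -s /dev/null "$root/var/run/link"          # symlink: must be ignored
}

# List world-writable entries under $1, skipping symlinks and character
# devices as the message does. -xdev keeps find on one filesystem.
audit_world_writable() {
    find "$1" -xdev -perm -0002 ! -type l ! -type c -print | sort
}

# After reviewing the list, drop the world-write bit from regular files only.
fix_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# Demonstration on constructed data.
demo=$(mktemp -d)
simulate_boot "$demo" 000
audit_world_writable "$demo"    # lists the pid file, modules.dep, modules.conf
fix_world_writable "$demo"
audit_world_writable "$demo"    # prints nothing once the bit is cleared
rm -rf "$demo"
```
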