05-14-2010, 11:24 PM
Santiago Vila

Bug#581434: UPG and the default umask

On Fri, 14 May 2010, Joey Hess wrote:

> Vincent Danjean wrote:
> > I'm happy with this move. However, there is still an interaction with ssh
> > to deal with:
>
> > vdanjean@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > vdanjean@eyak:~$ ssh localhost
> > vdanjean@localhost's password:
> > And, in /var/log/auth.log:
> > May 14 09:42:17 eyak sshd[1618]: Authentication refused: bad ownership or modes for file /home/vdanjean/.ssh/authorized_keys
>
> maildrop has the same problem with .mailfilter files.

Problems like that are expected to happen, and I think we should be
ready to fix them as they are found, so that the umask setting can
really be a choice of the system admin, not an imposition of certain
key programs that do not work well enough on systems having UPG and a
default umask of 002.

I remember that procmail had a similar problem, and the author
implemented a build macro for systems having UPG. From the changelog:

1999/03/02: v3.12
Changes to procmail:
- Don't use $HOME/.procmailrc if it's group-writable or in a
group-writable directory, unless it's the user's default group
and GROUP_PER_USER is set in config.h


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/alpine.DEB.1.10.1005150112240.24593@cantor.unex.es
 
05-14-2010, 11:38 PM
Santiago Vila

Bug#581434: UPG and the default umask

On Sat, 15 May 2010, Andreas Hemel wrote:

> On Fri, May 14, 2010 at 01:21:41PM -0400, Joey Hess wrote:
> > Vincent Danjean wrote:
> > > I'm happy with this move. However, there is still an interaction with ssh
> > > to deal with:
> >
> > > vdanjean@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > > vdanjean@eyak:~$ ssh localhost
> > > vdanjean@localhost's password:
> > > And, in /var/log/auth.log:
> > > May 14 09:42:17 eyak sshd[1618]: Authentication refused: bad ownership or modes for file /home/vdanjean/.ssh/authorized_keys
> >
> > maildrop has the same problem with .mailfilter files.
>
> As does exim with .forward files. Should this be reported as a bug
> against exim, now that the default umask will change?

I think so.

Ideally, we should support both 022 and 002 as umask.

Unfortunately, we have been using 022 for so long that we don't even
know what things have to be changed so that "everything works" when
umask is 002.

So, for practical purposes, setting 002 as the default umask is
probably the best (or maybe just the only) way to discover what needs
to be fixed when the umask is 002.


--
Archive: http://lists.debian.org/alpine.DEB.1.10.1005150125150.24722@cantor.unex.es
 
05-15-2010, 12:01 AM
Klaus Ethgen

Bug#581434: UPG and the default umask


On Sat, 15 May 2010 at 0:24, Santiago Vila wrote:
> I remember that procmail had a similar problem, and the author
> implemented a build macro for systems having UPG. From the changelog:
>
> 1999/03/02: v3.12
> Changes to procmail:
> - Don't use $HOME/.procmailrc if it's group-writable or in a
> group-writable directory, unless it's the user's default group
> and GROUP_PER_USER is set in config.h

Urgh, and as in Debian this is set, procmail is by default unsafe on
all systems where non-UPG is used or where the user likes to use his own
UPG for sharing purposes!?

To change all that software just to let the umask be convenient for just
one very special use case and make all the rest all that unsafe? Sorry,
but this is like the OpenSSL disaster, just intentional.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B


--
Archive: http://lists.debian.org/20100515000147.GA7441@ikki.ethgen.de
 
05-15-2010, 01:07 AM
Joey Hess

Bug#581434: UPG and the default umask

Klaus Ethgen wrote:
> Urgh, and as in Debian this is set, procmail is by default unsafe on
> all systems where non-UPG is used or where the user likes to use his own
> UPG for sharing purposes!?
>
> To change all that software just to let the umask be convenient for just
> one very special use case and make all the rest all that unsafe? Sorry,
> but this is like the OpenSSL disaster, just intentional.

If you give untrusted users write access to your home directory or to
individual dotfiles, you will discover:

* A handful of programs (ssh, exim, maildrop) will try to detect this
and block it.
* The majority of programs, from bash on down, will happily use their
dotfiles no matter who owns them.

I'm curious about why those few programs do implement their additional
checks. There's probably some interesting history there.

But requiring every program that has a dotfile to implement security
checking for that dotfile is doomed to failure, and so, sensibly, that
is not done. Your typical program with a dotfile relies on the user
choosing a safe combination of umask and directory permissions for its
security.

--
see shy jo, not responding to this person's continued openssh trolling
 
05-15-2010, 01:16 AM
Christoph Anton Mitterer

Bug#581434: UPG and the default umask

On Fri, 2010-05-14 at 21:07 -0400, Joey Hess wrote:
> Your typical program with a dotfile relies on the user
> choosing a safe combination of umask and directory permissions for its
> security.
As you say,... it "relies on the user"...

At least half (!) of the bill (the default umask) is now taken away from
the user, as he does not manually choose and decide to either set it
generally to 022 or give a specific dotfile some g+rw rights...


Cheers,
Chris.
 
05-15-2010, 08:04 AM
Andreas Metzler

Bug#581434: UPG and the default umask

Santiago Vila <sanvila@unex.es> wrote:
[...]
> Problems like that are expected to happen, and I think we should be
> ready to fix them as they are found, so that the umask setting can
> really be a choice of the system admin, not an imposition of certain
> key programs that do not work well enough on systems having UPG and a
> default umask of 002.

> I remember that procmail had a similar problem, and the author
> implemented a build macro for systems having UPG. From the changelog:

> 1999/03/02: v3.12
> Changes to procmail:
> - Don't use $HOME/.procmailrc if it's group-writable or in a
> group-writable directory, unless it's the user's default group
> and GROUP_PER_USER is set in config.h

Hello,

afaiui we have this problem:

#1 Debian supports both UPG and non-UPG setups.
#2 UPG with umask 022 is useless.
#3 non-UPG with umask 002 is insecure.
#4 We cannot reliably detect UPG-setups. (The setting
USERGROUPS=yes/no in /etc/adduser.conf is not relevant, e.g. in a
NIS scenario users are generated on the master system.)

The solution applied to procmail, disabling .procmailrc permission
sanity check at compile time, is not really a bugfix, but a policy
change, dropping #1 in favour of #2.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


--
Archive: http://lists.debian.org/1512c7-iq3.ln1@argenau.downhill.at.eu.org
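
The rule from the procmail changelog quoted in this thread, written out as an added C example; it is not part of any message above and is not procmail's or sshd's code. The names `struct policy`, `object_trusted` and `dotfile_trusted`, and the handling of root-owned and world-writable files, are assumptions of this example.

```c
#include <stdbool.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical policy switch, modelled on the GROUP_PER_USER idea in the
 * changelog quoted in the thread. Not procmail's real data structure. */
struct policy { bool group_per_user; };
const struct policy POLICY_UPG    = { true  };  /* site declares private groups */
const struct policy POLICY_SHARED = { false };  /* classic shared primary group */

/* Judge one filesystem object from its metadata alone.
 * mode/owner/group describe the object; uid/primary_gid describe the user. */
bool object_trusted(mode_t mode, uid_t owner, gid_t group,
                    uid_t uid, gid_t primary_gid, const struct policy *p)
{
    if (owner != uid && owner != 0)
        return false;              /* assumption: only the user or root may own it */
    if (mode & S_IWOTH)
        return false;              /* assumption: world-writable is never accepted */
    if (mode & S_IWGRP) {
        /* Group-writable passes only for the user's default group, and only
         * when the site has declared that group to be private. */
        if (!p->group_per_user || group != primary_gid)
            return false;
    }
    return true;
}

/* Apply the rule to a dotfile and to the directory that contains it.
 * Anything that cannot be stat()ed, or is of the wrong type, is untrusted. */
bool dotfile_trusted(const char *dir, const char *file,
                     uid_t uid, gid_t primary_gid, const struct policy *p)
{
    struct stat d, f;

    if (stat(dir, &d) != 0 || stat(file, &f) != 0)
        return false;
    if (!S_ISDIR(d.st_mode) || !S_ISREG(f.st_mode))
        return false;
    return object_trusted(d.st_mode, d.st_uid, d.st_gid, uid, primary_gid, p)
        && object_trusted(f.st_mode, f.st_uid, f.st_gid, uid, primary_gid, p);
}

int main(void)
{
    /* Constructed sample: a 0664 file in the user's own group (uid/gid 1000). */
    bool ok = object_trusted(0664, 1000, 1000, 1000, 1000, &POLICY_UPG);
    return ok ? 0 : 1;
}
```

With `group_per_user` set, a group-writable file whose group is a shared primary group such as gid 100 passes exactly as a private group would; the flag is a declaration about the site that the check itself cannot verify.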
 
05-15-2010, 11:03 AM
Christoph Anton Mitterer

Bug#581434: UPG and the default umask

On Sat, 2010-05-15 at 10:04 +0200, Andreas Metzler wrote:
> #2 UPG with umask 022 is useless.
Why is it?
It makes that every user has its own group, and that other users can be
added to it.
This alone doesn't have any effect of course, as such added users have
read rights anyway.
But now it's easy for the owner of files to selectively set
write-permissions for single files.


Cheers,
Chris.
 
05-15-2010, 11:23 AM
Andrei Popescu

Bug#581434: UPG and the default umask

On Sat,15.May.10, 13:03:16, Christoph Anton Mitterer wrote:
> On Sat, 2010-05-15 at 10:04 +0200, Andreas Metzler wrote:
> > #2 UPG with umask 022 is useless.
> Why is it?
> It makes that every user has its own group, and that other users can be
> added to it.
> This alone doesn't have any effect of course, as such added users have
> read rights anyway.
> But now it's easy for the owner of files to selectively set
> write-permissions for single files.

Why is an own group needed for this? Can't the admin just create groups
as needed where both users shall belong?

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
05-15-2010, 11:30 AM
Christoph Anton Mitterer

Bug#581434: UPG and the default umask

On Sat, 2010-05-15 at 14:23 +0300, Andrei Popescu wrote:
> Why is an own group needed for this? Can't the admin just create groups
> as needed where both users shall belong?
Well but that's always possible isn't it? So one could drop the concept
of UPGs completely...


Cheers,
Chris.
 
05-15-2010, 11:56 AM
Andrei Popescu

Bug#581434: UPG and the default umask

On Sat,15.May.10, 13:30:14, Christoph Anton Mitterer wrote:
> On Sat, 2010-05-15 at 14:23 +0300, Andrei Popescu wrote:
> > Why is an own group needed for this? Can't the admin just create groups
> > as needed where both users shall belong?
> Well but that's always possible isn't it? So one could drop the concept
> of UPGs completely...

Sure, it makes sense with a default umask of 0022

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
