On Sat,15.May.10, 08:41:29, Christian PERRIER wrote:
> More generally speaking, this umask change probably deserves to be
> mentioned in the Release Notes....along with a good rationale about
> why, no, this isn't Debian giving up to years of being security-wise.
Suggested text:
---
The default 'umask' for new installs is changed
===============================================
Starting with base-files version 5.4 the default umask for new installs
is 0002 instead of 0022 for regular users (system users, like the ones
used for various daemons and services are not affected).
The new umask is more useful on systems where normal users are by
default members of their own private group, which no other user belongs to.
Such a scheme is known as 'User Private Groups' (UPG) and has been the
default in Debian for several releases.
This change can however create security and/or privacy issues if the
system administrator is not aware of it and adds users to the private
group of another user. Also, in order to prevent security issues, some
software will detect this and refuse to operate when there are other
members in the user's private group and relevant files have permissions
as created with a umask of 0002.
---
Comments welcome.
Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
05-15-2010, 11:26 AM
Christoph Anton Mitterer
Bug#581729: Document the umask change for new installs
On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote:
> for regular users
Would have to double check it,... but doesn't the current change also
affect root?
Cheers,
Chris.
05-15-2010, 11:45 AM
Holger Levsen
Bug#581729: Document the umask change for new installs
Hi Andrei,
On Saturday, 15 May 2010, Andrei Popescu wrote:
> Suggested text:
Thanks for that!
I have one small addition...:
> This change can however create security and/or privacy issues if the
> system administrator is not aware of it and adds users to the private
> group of another user. Also, in order to prevent security issues, some
> software will detect this and refuse to operate when there are other
> members in the user's private group and relevant files have permissions
> as created with a umask of 0002.
This paragraph should be accompanied by something like:
Instead of adding users to other users' private groups (which has issues as
explained above) it is recommended to create dedicated groups for these users
for collaboration.
As in: not only describe how not to do it, but also how to do it.
cheers,
Holger
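An added example, not part of the thread or of any Debian package: a check an administrator could run to find private groups that have gained extra members, the situation the suggested text warns about. The rule used to recognise a UPG (group name equals login name and GID equals that login's primary GID) and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_upg PASSWD_FILE GROUP_FILE
# Prints "owner:member,member" for every user private group that has
# members besides its owner. Assumption: a group is treated as a UPG when
# its name equals a login name and its GID is the primary GID of that login.
audit_upg() {
    awk -F: '
        function add(u) {
            if (u == "" || u == owner || (u in seen)) return
            seen[u] = 1
            extra = extra (extra == "" ? "" : ",") u
        }
        # passwd pass: record the primary GID of each login and who uses each GID
        NR == FNR { gid_of[$1] = $4; prim[$4] = prim[$4] " " $1; next }
        # group pass: name:password:gid:member,member,...
        ($1 in gid_of) && gid_of[$1] == $3 {
            owner = $1; extra = ""; split("", seen)
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) add(m[i])      # supplementary members
            n = split(prim[$3], p, " ")
            for (i = 1; i <= n; i++) add(p[i])      # users sharing the primary GID
            if (extra != "") print owner ":" extra
        }
    ' "$1" "$2"
}

# Constructed sample data: bob was added to the group alice, and carol
# was given the GID of alice as primary group.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1000::/home/carol:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
alice:x:1000:bob
bob:x:1001:
projects:x:2000:alice,bob
EOF
    audit_upg "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}
demo
```

On a live system the same function can be pointed at /etc/passwd and /etc/group; the dedicated group "projects" is not reported because it is not anyone's private group.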
05-15-2010, 11:50 AM
Christoph Anton Mitterer
Bug#581729: Document the umask change for new installs
On Sat, 2010-05-15 at 13:45 +0200, Holger Levsen wrote:
> This paragraph should be accompanied by something like:
>
> Instead of adding users to other users' private groups (which has issues as
> explained above) it is recommended to create dedicated groups for these users
> for collaboration.
Perhaps I'm completely stupid,... but why do we have UPGs then at all?
If we suggest users not to use them!
For those rare cases like "a user's wife/husband" which is fully
trusted?
Cheers,
Chris.
05-15-2010, 12:01 PM
Robert Klotzner
Bug#581729: Document the umask change for new installs
On Saturday 15 May 2010 13:50:50 Christoph Anton Mitterer wrote:
> On Sat, 2010-05-15 at 13:45 +0200, Holger Levsen wrote:
> > This paragraph should be accompanied by something like:
> >
> > Instead of adding users to other users' private groups (which has issues
> > as explained above) it is recommended to create dedicated groups for these
> > users for collaboration.
>
> Perhaps I'm completely stupid,... but why do we have UPGs then at all?
> If we suggest users not to use them!
> For those rare cases like "a user's wife/husband" which is fully
> trusted?
>
>
> Cheers,
> Chris.
>
The purpose is to make a default umask of 002 possible, without security
problems. This makes it easier to set up directories for collaboration with the
setgid bit set, as the group for newly created files will have write
permissions, because of the umask being 002.
Best regards,
Robert
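An added example, not part of the thread: the effect described in the post above, shown by creating a file and a subdirectory inside a setgid directory under each umask. The temporary directory stands in for a shared project directory and the file names are constructed; the expected behaviour assumes Linux semantics for setgid directories.

```shell
#!/bin/sh
# created_modes UMASK
# Creates a file and a subdirectory inside a fresh setgid directory (mode 2775)
# under the given umask and prints their permission strings as "file dir".
created_modes() {
    shared=$(mktemp -d) || return 1
    chmod 2775 "$shared"        # setgid: new entries inherit the group of the directory
    (
        # Subshell so the umask change does not leak into the caller.
        umask "$1"
        : > "$shared/notes.txt"
        mkdir "$shared/drafts"
    )
    f=$(ls -ld "$shared/notes.txt" | cut -c1-10)
    d=$(ls -ld "$shared/drafts" | cut -c1-10)
    rm -rf "$shared"
    echo "$f $d"
}

created_modes 022    # group members can read but not modify what was created
created_modes 002    # group members can write, and the subdirectory stays setgid
```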
05-15-2010, 12:45 PM
Julien Valroff
Bug#581729: Document the umask change for new installs
On Saturday 15 May 2010 at 13:26:29 (+0200), Christoph Anton Mitterer wrote:
> Date: Sat, 15 May 2010 13:26:29 +0200
> From: Christoph Anton Mitterer <calestyo@scientia.net>
> To: 581729@bugs.debian.org
> Cc: debian-devel@lists.debian.org
> Subject: Re: Bug#581729: [SQUEEZE] Document the umask change for new
> installs
>
> On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote:
> > for regular users
> Would have to double check it,... but doesn't the current change also
> affect root?
It does:
root@gaia:~# umask
0002
root@gaia:~# cd
root@gaia:~# touch test
root@gaia:~# ls -l test
-rw-rw-r-- 1 root root 0 15 mai 14:43 test
Bug#581729: Document the umask change for new installs
On Sat,15.May.10, 13:26:29, Christoph Anton Mitterer wrote:
> On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote:
> > for regular users
> Would have to double check it,... but doesn't the current change also
> affect root?
By default:
# grep umask .bashrc
umask 022
#
Regards,
Andrei
05-15-2010, 01:12 PM
Julien Valroff
Bug#581729: Document the umask change for new installs
On Saturday 15 May 2010 at 15:59:40 (+0300), Andrei Popescu wrote:
> Date: Sat, 15 May 2010 15:59:40 +0300
> From: Andrei Popescu <andreimpopescu@gmail.com>
> To: debian-devel@lists.debian.org
> Cc: 581729@bugs.debian.org
> Subject: Re: Bug#581729: [SQUEEZE] Document the umask change for new
> installs
>
> On Sat,15.May.10, 13:26:29, Christoph Anton Mitterer wrote:
> > On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote:
> > > for regular users
> > Would have to double check it,... but doesn't the current change also
> > affect root?
>
> By default:
>
> # grep umask .bashrc
> umask 022
> #
This entry is commented by default in /usr/share/base-files/dot.bashrc.
This file is simply copied to /root/.bashrc in the base-files postinst script.
Bug#581729: Document the umask change for new installs
On 05/15/2010 05:26 AM, Christoph Anton Mitterer wrote:
> On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote:
>> for regular users
> Would have to double check it,... but doesn't the current change also
> affect root?
This does, but root is also in his own UPG. If you add any user to the
root group (same thing as using wheel on other systems), you're
effectively giving that user full root access to the system anyway. So,
this change will not have any unsavory side effects for the root user or
group.
05-15-2010, 01:34 PM
Christoph Anton Mitterer
Bug#581729: Document the umask change for new installs
On Sat, 2010-05-15 at 15:59 +0300, Andrei Popescu wrote:
> By default:
>
> # grep umask .bashrc
> umask 022
> #
Not in the most recent version of base-files, which does not update most
of its files.