| To: | Keith Owens <kaos@xxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Insecure world writable files from XFS 1.0.1 ISO installer |
| From: | Simon Matter <simon.matter@xxxxxxxxxxxxxxxx> |
| Date: | Thu, 02 Aug 2001 16:39:50 +0200 |
| >received: | from mobile.sauter-bc.com (unknown [10.1.6.21]) by basel1.sauter-bc.com (Postfix) with ESMTP id 3961157306; Thu, 2 Aug 2001 16:39:51 +0200 (CEST) |
| Cc: | Eric Sandeen <sandeen@xxxxxxx>, linux-xfs <linux-xfs@xxxxxxxxxxx> |
| Organization: | Sauter AG, Basel |
| References: | <6321.996761787@ocs3.ocs-net> |
| Sender: | owner-linux-xfs@xxxxxxxxxxx |
Keith Owens schrieb: > > On Thu, 02 Aug 2001 08:49:36 -0500, > Eric Sandeen <sandeen@xxxxxxx> wrote: > >Simon Matter wrote: > >> > >> When installing from the ISO RH7.1-SGI-XFS-1.0.1, all system config > >> files and directories which are not part of an RPM are installed world > >> writeable (mode 666/777). > > > >Which files, for example? So this does NOT happen with either stock Red > >Hat or XFS 1.0? Not sure what might be causing this... > > Almost certainly the kernel bug introduced somewhere around 2.4.3 and > fixed in 2.4.7. The default umask for kernel threads, including init > was incorrectly set to 000. Stock RedHat init scripts have umask 022 > at the start which hides the kernel bug. So this means that intalling with the 1.0 installer and upgrading to 1.0.1 is secure but installing with the 1.0.1 installer will create a system with open doors. -Simon |
| Previous by Date: | Re: Insecure world writable files from XFS 1.0.1 ISO installer, Simon Matter |
|---|---|
| Next by Date: | Re: Insecure world writable files from XFS 1.0.1 ISO installer, Steve Lord |
| Previous by Thread: | Re: Insecure world writable files from XFS 1.0.1 ISO installer, Keith Owens |
| Next by Thread: | Re: Insecure world writable files from XFS 1.0.1 ISO installer, Steve Lord |
| Indexes: | [Date] [Thread] [Top] [All Lists] |