Eric Sandeen wrote:
>
> If you have installed, or plan to install, any systems using
> the XFS 1.0.1 installer, please read the following message.
>
> It was recently discovered that due to a bug* in the underlying
> Linux kernel, the permissions of several system configuration
> files created at install time are world-writeable, which poses
> a security risk.
>
> This bug is not XFS-related, and will exhibit itself on an
> ext2-only install from the XFS 1.0.1 iso as well.
I think I may have seen this at one point on the kernel dev list (or
something related), but can't recall exactly. I'm curious if the kernel
people know about this yet, or maybe have already fixed it for later
kernels?
D. Stimits, stimits@xxxxxxxxxx
>
> These permissions may be fixed by running the script at
>
> ftp://oss.sgi.com/projects/xfs/download/Release-1.0.1/installer/fix-perms
>
> as root.
>
> An update disk has also been provided at
>
> ftp://oss.sgi.com/projects/xfs/download/Release-1.0.1/installer/updates
>
> to be used on future installs. Please see the README at
>
> ftp://oss.sgi.com/projects/xfs/download/Release-1.0.1/installer/updates/README
>
> for information on how to use this update disk.
>
> Thanks for your attention, and we apologize for any inconvenience this
> may have caused.
>
> Sincerely,
>
> The SGI XFS for Linux Team
>
> -----
>
> *The default umask for kernel threads, including init, was incorrectly
> set to 000. Stock Red Hat init scripts set umask to 022 at system
> startup, so it hides this bug. However, the anaconda installer does
> not do this, so files created during the install process have incorrect
> permissions.
|