
Re: Insecure world writable files from XFS 1.0.1 ISO installer



Keith Owens wrote:
> 
> On Thu, 02 Aug 2001 08:49:36 -0500,
> Eric Sandeen <sandeen@sgi.com> wrote:
> >Simon Matter wrote:
> >>
> >> When installing from the ISO RH7.1-SGI-XFS-1.0.1, all system config
> >> files and directories which are not part of an RPM are installed world
> >> writeable (mode 666/777).
> >
> >Which files, for example?  So this does NOT happen with either stock Red
> >Hat or XFS 1.0?  Not sure what might be causing this...
> 
> Almost certainly the kernel bug introduced somewhere around 2.4.3 and
> fixed in 2.4.7.  The default umask for kernel threads, including init
> was incorrectly set to 000.  Stock RedHat init scripts have umask 022
> at the start which hides the kernel bug.

So this means that installing with the 1.0 installer and upgrading to
1.0.1 is secure but installing with the 1.0.1 installer will create a
system with open doors.

-Simon
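
An added example, not part of the original thread: a shell audit for the condition discussed above, listing world-writable files and directories that no RPM owns. The function names and the sample tree are constructed for illustration; the tree is built under umask 000 (the buggy kernel default) and umask 022 (what the stock init scripts set) to show which entries the audit flags.

```shell
#!/bin/sh
# Added example: find files left world-writable by an install that ran
# with umask 000, and keep only those no RPM package owns.

# List regular files and directories under $1 that are world-writable.
# Sticky directories (mode 1777, such as /tmp) are skipped because that
# mode is intentional. -xdev keeps the walk on one filesystem.
find_world_writable() {
    find "$1" -xdev \( \
        \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \
    \) -print
}

# Read paths on stdin and drop those owned by an RPM package.
# If rpm is not installed, every path is passed through unchanged.
not_in_rpm() {
    while IFS= read -r path; do
        if command -v rpm >/dev/null 2>&1 && rpm -qf "$path" >/dev/null 2>&1; then
            continue
        fi
        printf '%s\n' "$path"
    done
}

# Constructed sample tree: the same files created under both umasks.
demo() {
    root=$(mktemp -d) || return 1
    ( umask 000; mkdir "$root/open.d"; : > "$root/open.conf" )  # modes 777 / 666
    ( umask 022; mkdir "$root/safe.d"; : > "$root/safe.conf" )  # modes 755 / 644
    mkdir "$root/tmp" && chmod 1777 "$root/tmp"                 # sticky, ignored
    find_world_writable "$root" | not_in_rpm | sed "s|^$root/||" | LC_ALL=C sort
    rm -rf "$root"
}

demo
```

On an installed system, `find_world_writable /etc | not_in_rpm` gives the list to review; `chmod o-w` on each confirmed entry removes the world-write bit.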