Date: Mon, 12 Oct 2020 21:41:39 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Hi, A problem with Georgi's message that started this thread, besides its overall tone, is that it singled out Debian. In my experience, most Unix-like distributions use insecure defaults like this. On Thu, Oct 08, 2020 at 08:07:10AM +1100, Brian May wrote: > Jeremy Stanley <fungi@...goth.org> writes: > > > As a long-time Debian user myself, I agree that this default is > > showing its age, and can represent a risk for operators who overlook > > it. > > Yes, I agree the default should be changed. I also think the defaults should be changed, and not only on Debian. Special cases like serving web pages do not justify insecure default home directory permissions - rather, they're reasons to provide extra setup instructions in web server packages, etc. > Just note that there is a reasonable amount of software install > instructions that assume umask is 022 and will install software with > unusable permissions if it is not. This is indeed a problem. When building software manually (not packaged) and wanting to install it on a system globally (e.g., in /usr/local), a workaround is to use "(umask 022; make install)" - that is, temporarily relax the umask to 022 just for that one command by running it in a subshell. RPM typically invokes "umask 022" for all(?) package build scripts, including the %install section, which lets it build proper packages even when run on a system with umask 077 even when the packaged software's install scripts assume umask 022. I think package install scripts should learn not to assume umask, or at least not when installing software globally. When installing to a subdirectory of the user's home directory, it makes sense to honor the user's umask, but those cases probably can't be recognized reliably. It's a pity that software will just assume it's to be installed globally (or with equivalent permissions), but the current reality is no better where things break arbitrarily (e.g., some files mode 644, some 600) when installing unprepared software with umask 077. I think distros have to take the first step and change the default umask to 077. Until enough distros do, software maintainers won't have the incentive to support that or won't even know about the problem. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.