Debian Planet










Welcome to Debian Planet

Search

Apt-get into it.
Main Menu

  • Home

  • Topics

  • Web Links

  • Your Account

  • Submit News

  • Stats

  • Top 10

  • Debian

    These are important Debian sites one should not be without!

  • Official Debian site

  • Package search

  • Mailing list archives

  • Bug reports

  • Debian on CD

  • Unofficial woody CD ISOs

  • Unofficial APT sources

  • Developers' Corner

    Other great Debian news sources:

  • Debian Weekly News

  • Kernel Cousin Debian

    (Debian mailing lists digested)
  • Community Groups

    Need help? You're not alone on this planet.

  • debianHELP

    (User support site)

  • Debian International

  • DebianForum.de

    (Deutsch)

  • EsDebian

    (español)

  • DebianWorld

    (français)

  • MaximumDebian

    (Italiano)

  • DebianUsers

    (Korean)

  • Debian-BR

    (Português)

  • IRC

    The place to get help on a Debian problem (after reading docs) or to just chat and chill is #debian on irc.debian.org.

    Many of the Debian Planet staff live there so pop by and say hello.

    Wanna write?

    Got that latest or greatest scoop? Perhaps you have some important news for the Debian community? Submit a news item!

    Or perhaps you've written a rather ground breaking insight into some aspect of Debian and you feel compelled to share it with others? Knock up a longer editorial article and send it to the editors.

    Sponsorship

    DP is sponsored by Xinit Systems and kieser.net.

    Domains paid for and hosted by uklinux.net.

    Buy your Debian merchandise at DebianShop.com.

    Who's Online

    There are currently, 45 guest(s) and 4 member(s) that are online.

    You are Anonymous user. You can register for free by clicking here.

      
    Debian umask VS Kernel umask
    Contributed by Anonymous on Sunday, June 10 @ 10:11:40 BST

    Linux
    Recent 2.4 kernels seem to set a umask of 000 at boot which is
    inherited evidently by init and all its children who choose not to
    change it. This results in several daemons creating mode 0666 .pid
    files among other things (see bug reports against ud and sshd among
    others).

    rob: Is this a big security risk?

    I think this is broken behavior on the kernel's part, a 000
    umask is never a sane default IMHO. It seems however that its not
    going to be fixed (I remember some mention about it somewhere but
    can't find it).



    I looked at debian's rc scripts and /etc/init.d/rcS already sets the
    umask to 022, and its responsible for kicking off the rest of the boot
    process, So why do daemons like sshd and such still end up with a 000
    umask? What can/should be done about this?

     
    Related Links

  • More about Linux
  • News by rob

    Most read story about Linux:
    Installing Debian GNU/Linux on Alphas

    Last news about Linux:

    Printer Friendly Page  Send this Story to a Friend
  • "Debian umask VS Kernel umask" | Login/Create Account | 11 comments
    Threshold


    The comments are owned by the poster. We aren't responsible for their content.

    Re: Debian umask VS Kernel umask (Score: 5, Informative)
    by Anonymous on Sunday, June 10 @ 18:42:09 BST

    The pedigree of daemons starts with /etc/init.d/rc, not /etc/init.d/rcS. The latter does only one-time initialization tasks. So the umask 022 needs to be added to /etc/init.d/rc too. Arguably a bug should be filed against sysvinit. (I tested this change, it works).

    Perhaps a more dangerous manifestation of this is that some _logfiles_ (chrony is/was an example) are created 666. I have filed a bug against chrony being ignorant of the kernel change and the maintainer promised to fix chrony, but now I see it is a more general problem in need of a general solution.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 3, Informative)
    by Robot101 (robot1<zero>1@debian.org) on Sunday, June 10 @ 23:36:38 BST
    (User Info)

    The problem is not logfiles©©© the problem is pid files in /var/run! When /etc/init©d/apache stop kills init, syslog, ssh©©© eek!

    Regards,

    Rob

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 5, Informative)
    by ilmari (ilmari -at- ziggen -dot- com) on Sunday, June 10 @ 19:40:24 BST
    (User Info)

    This is fixed in 2.4.5-ac6 and later, where it's set to 022 (S_IWGRP|S_IWOTHR), with the reason being not to screw up for people upgrading.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 0)
    by Anonymous on Saturday, June 16 @ 05:30:00 BST

    But with 2.4.5-ac15 I see rw-rw-rw- files in /var/run.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 1, Insighful)
    by crazney on Monday, June 11 @ 03:53:21 BST
    (User Info)

    more details pls? whats umask?

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 1, Informative)
    by greyheart (thingol at xs4all dot nl) on Monday, June 11 @ 11:31:05 BST
    (User Info) http://www.kaboenka.nl/

    in bash, type 'help umask', for tcsh, see tcsh(1).

    or read a unix book for beginners.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 0)
    by Anonymous on Sunday, June 17 @ 10:30:21 BST

    well duh, but why is the kernel's umask screwy, where is it changed, etc.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 3, Informative)
    by Anonymous on Monday, June 11 @ 17:01:20 BST

    Try looking here. This page gives a good, comprehensive coverage of umask.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: -1, Redundant)
    by Anonymous on Tuesday, June 12 @ 14:20:43 BST

    umask [-p] [-S] [mode]

    The user file-creation mask is set to mode. If mode begins with a digit, it is interpreted as an octal number; otherwise it is interpreted as a symbolic mode mask similar to that accepted by chmod(1). If mode is omitted, or if the -S option is supplied, the current value of the mask is printed. The -S option causes the mask to be printed in symbolic form; the default output is an octal number. If the -p option is supplied, and mode is omitted, the output is in a form that may be reused as input. The return status is 0 if the mode was successfully changed or if no mode argument was supplied, and false otherwise.

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 0)
    by Anonymous on Tuesday, June 12 @ 05:03:10 BST

    I think the REAL question is "How Debian should protect itself from wrong umask in the kernel ?"

    [ Reply ]


    Re: Debian umask VS Kernel umask (Score: 0)
    by Anonymous on Tuesday, June 12 @ 05:34:46 BST

    Noone woule expect something would work on a broken kernel. If they think that's a bug, and will fix soon. Don't use these kernels are the best sol'n.

    [ Reply ]


    Based on: PHP-Nuke

    All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2000 by Debian Planet

    You can syndicate our news using the file backend.php.