From: Kirk H. <ki...@ma...> - 2005-12-12 08:18:22
|
Hi Aleksey, AC> Yes, I saw your message in Debian mailing list and I think that this AC> is very serious Debian bug. This makes system highly insecure. IMHO AC> applying the default umask like 022, 027, 077 MUST be made once BEFORE AC> starting /etc/init.d daemons and scripts. Debian does set a default umask of 027 before starting /etc/init.d daemons. It is dictd, in net.c, that changes it to 0. net.c> umask(0); /* set safe umask */ AC> But there is a little problem. Under Interix, for example, the AC> default umask should be 002, ... Then let's remove the umask() call from dictd altogether; I just don't want it setting umask(0). Alternately, if you really want dictd to force a umask, we could #define the value. Kirk |