* umask SECURITY HOLE with rc on Solaris
@ 1995-08-25 20:02 Alan Watson
0 siblings, 0 replies; only message in thread
From: Alan Watson @ 1995-08-25 20:02 UTC (permalink / raw)
To: rc
By default in Solaris, shells inherit a umask of 0; this is Really
Bad.
The real fix is to change the system (edit /etc/default/login and set
the umask before before starting inetd -- credit to John Denune for the
latter fix) so that shells start with a umask of 022, but I still
suggest applying the following patch to rc to set umask to 022 iff
umask is initially 0. I know this is undeniably hand-holding, but do
you really want to trust every overworked sysadmin trying to deal with
the pain of Solaris to catch this one?
Alan Watson
*** main.c.orig Fri Aug 25 10:24:34 1995
--- main.c Fri Aug 25 10:22:09 1995
***************
*** 14,19 ****
--- 14,20 ----
extern void main(int argc, char *argv[], char *envp[]) {
char *dashsee[2], *dollarzero, *null[1];
int c;
+ int oldumask;
initprint();
dashsee[0] = dashsee[1] = NULL;
dollarzero = argv[0];
***************
*** 64,69 ****
--- 65,75 ----
checkfd(1, rCreate);
checkfd(2, rCreate);
}
+ oldumask = umask(0);
+ if (oldumask == 0)
+ umask(022);
+ else
+ umask(oldumask);
initsignal();
inithash();
initparse();
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~1995-08-25 20:03 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1995-08-25 20:02 umask SECURITY HOLE with rc on Solaris Alan Watson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).