Re: Redhat 7 insecure umask

From: Warren Young (warren@ETR-USA.COM)
Date: Tue Apr 24 2001 - 08:13:38 PDT

Next message: Matthew Schalit: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"

Previous message: hurtta+z3at_private: "Re: SECURITY.NNOV: The Bat! <cr> bug"
In reply to: Rebecca Kastl: "Re: Redhat 7 insecure umask"
Next in thread: Jim Knoble: "Re: Redhat 7 insecure umask"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rebecca Kastl wrote:
>
> On Fri, 20 Apr 2001, Drew Jones wrote:
>
> > Problem:
> >   Users of Redhat 7 may have their umask set insecurely while acting
> > as root.
>
> Maybe I'm missing something here, but isn't the "problem" with su, not
> /etc/profile?

su(1) on AT&T-derived Unixes fix this: there's a file /etc/defaults/su
(IIRC) which sets certain user defaults whether you do "su -" or just
plain "su".  I've used both, but I think I prefer the Red Hat way: it's
more predictable because you know that without the - you keep your
current environment, and with it you overwrite your current environment
with the target user's.  With the AT&T way, you don't know with plain
"su" what your environment will look like without looking at
/etc/defaults/su first.

--
Warren

Next message: Matthew Schalit: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Previous message: hurtta+z3at_private: "Re: SECURITY.NNOV: The Bat! <cr> bug"
In reply to: Rebecca Kastl: "Re: Redhat 7 insecure umask"
Next in thread: Jim Knoble: "Re: Redhat 7 insecure umask"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 22:49:33 PDT