Bug#581666: base-files: default umask 022 is too permissive
Christoph Anton Mitterer
Version: 5.4
Severity: normal
Hi.
Even when considering #248140 and #581434 I'd say that
a umask of 002 is far too permissive.
1) Generally it's always the best idea to have the strictest
or most secure default, which is of course 002.
Even when user private groups are default.
A sysadmin will recognise if he/his users want to have 022
very quickly, but the other way round, permissions would be
to open and no one might recongnise.
2) Even in case of user private groups 002 is not necessarily
what one wants.
Many people add user B to user A's group probably just that B is
able to read files from a, but not to read/write.
Conclusion:
Debian should ship with secure system wide defaults.
Pragmatically 022 (or even something more strict).
And either root or the single users should have to manually
choose when they want to open things up.
Cheers,
Chris.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.33-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages base-files depends on:
ii gawk [awk] 1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
ii mawk [awk] 1.3.3-15 a pattern scanning and text proces
ii original-awk [awk] 2010-02-08-1 The original awk described in "The
base-files recommends no packages.
base-files suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Christoph Anton Mitterer
> I have just changed the default umask in /etc/profile to 002.
> This is just a default. In no way such setting is an imposition on the
> user, as /etc/profile is a configuration file that the user is completely
> free to change, and the changes are preserved on upgrades.
Of course a user can change this,.. but I guess many "normal" users
never stumble across it and will simply leave the new default.
With such an argument ("everybody can change it") we could also, e.g.
install telnetd per default (probably not that secure), or add any user
to the root group per default...
> There will be cases where 002 is better than 022, and there will be
> cases where 022 is better than 002.
Fully agree with that... but I'd suggest if different ways conflict, one
should choose the one, which is the "most secure".
> If you think 002 is not good for
> you, please change it in your system.
Well I do not "complain" for myself. I noticed the change and could
simply keep the old scheme or even 077.
> If you think I was wrong by
> changing the default, and you are a Debian maintainer, please use the
> Debian Constitution to override the decision.
No,.. I'm not... at least not in the foreseeable future.
> Other than that, I think that submitting a new bug report in the
> opposite sense of the current default is completely unacceptable and
> tasteless.
I definitely did not want to offend you in any way.
Anyway, IMHO the new change is a bad idea, therefore (out of the the
wish to improve Debian) I reported this (fully knowing, that you just
change it) in order to let you perhaps reconsider...
Thought that one doesn't have to be DD for this.
Cheers,
Chris.
Santiago Vila
> On Sat, 2010-05-15 at 01:10 +0200, Santiago Vila wrote:
> > I have just changed the default umask in /etc/profile to 002.
> > This is just a default. In no way such setting is an imposition on the
> > user, as /etc/profile is a configuration file that the user is completely
> > free to change, and the changes are preserved on upgrades.
> Of course a user can change this,.. but I guess many "normal" users
> never stumble across it and will simply leave the new default.
>
> With such an argument ("everybody can change it") we could also, e.g.
> install telnetd per default (probably not that secure), or add any user
> to the root group per default...
Please note that the argument was not just "everybody can change it",
but instead "A lot of people consider the new default to be better than
the old one, and those who do not consider it better can change it anyway".
Your example would be good if there were a significant number of people
in favour of installing telnetd by default, or in favour of adding any
user to the root group by default, but I guess such is not the case.
> > There will be cases where 002 is better than 022, and there will be
> > cases where 022 is better than 002.
> Fully agree with that... but I'd suggest if different ways conflict, one
> should choose the one, which is the "most secure".
On systems with User Private Groups, like Debian, 002 is as secure as 022.
> > If you think 002 is not good for
> > you, please change it in your system.
> Well I do not "complain" for myself. I noticed the change and could
> simply keep the old scheme or even 077.
Exactly. I will keep 022 in my system.
> > If you think I was wrong by
> > changing the default, and you are a Debian maintainer, please use the
> > Debian Constitution to override the decision.
> No,.. I'm not... at least not in the foreseeable future.
>
>
> > Other than that, I think that submitting a new bug report in the
> > opposite sense of the current default is completely unacceptable and
> > tasteless.
> I definitely did not want to offend you in any way.
> Anyway, IMHO the new change is a bad idea, therefore (out of the the
> wish to improve Debian) I reported this (fully knowing, that you just
> change it) in order to let you perhaps reconsider...
> Thought that one doesn't have to be DD for this.
Obviously not. I just wanted you to realize that having a bug saying
"you should do this" and another one saying "you should not do this"
at the same time is not nice at all.
There is a discussion in debian-devel. That is the preferred place to
discuss about this, much better than a new bug report.
Christoph Anton Mitterer
You'll find a post at d-d very soon.
Please do not feel that it is about to attack you....
On Sat, 2010-05-15 at 01:51 +0200, Santiago Vila wrote:
> Please note that the argument was not just "everybody can change it",
> but instead "A lot of people consider the new default to be better than
> the old one, and those who do not consider it better can change it anyway".
...I was aware of the thread there and that you just did what a majority
wanted...
Nevertheless,... the majority is not always right (especially in terms
of security issues)...
> Your example would be good if there were a significant number of people
> in favour of installing telnetd by default, or in favour of adding any
> user to the root group by default, but I guess such is not the case.
Well,.. probably.
Anyway,.. I see a trend in Debian to open up more and more and I'd say
Debian should be secure and hardened by default.
That's why I'd always choose hardened config, even if the majority of
all users will have to change it.
> On systems with User Private Groups, like Debian, 002 is as secure as 022.
At a first glance it seems so, at least until no one adds user B to user
A's group...but I'm sceptic that we've really seen all follow-ups and
side effects of such a change.
btw: Is there any other distro which has 002 as default? At least non
I'd know about...
> > Well I do not "complain" for myself. I noticed the change and could
> > simply keep the old scheme or even 077.
> Exactly. I will keep 022 in my system.
So do you, personally, think that it's a good change?
> Obviously not. I just wanted you to realize that having a bug saying
> "you should do this" and another one saying "you should not do this"
> at the same time is not nice at all.
I did not see this in the first place, so sorry for that.
Cheers,
Chris.