[GRASS-dev] Directory security/permission issue

Brad Douglas rez at touchofmadness.com
Mon Jul 9 20:37:10 EDT 2007


On Mon, 2007-07-09 at 22:25 +0100, Glynn Clements wrote:
> Brad Douglas wrote:
> 
> > While looking over my working dirs, today, I noticed that all of my
> > recent locations were created with 0777 permissions, instead of the
> > traditional 0755 mask.  Temp directories are still created properly.
> > 
> > 0777 is bad form and a potential security problem.
> > 
> > Is there a reason for the change I missed?  A quick search through the
> > archives didn't turn up anything.
> > 
> > It seems to have come as an accidental result of the MINGW changes.  The
> > offending code can be found in lib/gis/paths.c in G_mkdir().
> > 
> > This should be explained or corrected before 6.2.2 is released.
> 
> The mode passed to mkdir is modified by the process' umask to obtain
> the actual mode of the directory. If you're ending up with
> world-writable directories, that implies that your umask is zero,
> which is insecure.
> 
> Your umask should normally be at least 0022, (or 0022 if you want
> files to be group-writable, which is sometimes useful); if you're
> paranoid, use 0077 (i.e. no permissions for anyone but yourself).

umask...figures.  Your lack of cerebral bitrot astounds me.  I had
completely forgotten about it and I, apparently, was too arrogant to
look at a manpage. ;-)

Don't know how, but my umask was set to 0002.


-- 
73, de Brad KB8UYR/6 <rez touchofmadness com>
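
The umask behaviour Glynn describes in the quoted reply can be checked directly; this is an added example, not part of the original thread and not GRASS code. It creates a directory under several umask values and reads back the mode that was actually applied. The function name `effective_dir_mode`, the `/tmp/umask_demo_*` scratch path and the requested modes 0777 and 0755 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a directory with `requested` mode while the process umask is `mask`;
 * return the permission bits actually applied, or -1 on error. */
int effective_dir_mode(mode_t requested, mode_t mask)
{
    char base[64], path[96];
    struct stat st;
    int result = -1;

    /* Constructed scratch paths. mkdir() fails on an existing name instead
     * of reusing it, and the parent is private (at most 0700). */
    snprintf(base, sizeof base, "/tmp/umask_demo_%ld", (long)getpid());
    snprintf(path, sizeof path, "%s/location", base);
    if (mkdir(base, 0700) != 0)
        return -1;

    mode_t saved = umask(mask);          /* umask() returns the old mask */
    if (mkdir(path, requested) == 0) {
        if (stat(path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        rmdir(path);
    }
    umask(saved);                        /* restore the caller's mask */
    rmdir(base);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 0000, 0002, 0022, 0077 };
    size_t i;

    for (i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("mkdir(0777) with umask %04o -> %04o\n",
               (unsigned)masks[i], (unsigned)effective_dir_mode(0777, masks[i]));
    /* Requesting 0755 caps the result even when the umask is zero. */
    printf("mkdir(0755) with umask 0000 -> %04o\n",
           (unsigned)effective_dir_mode(0755, 0000));
    return 0;
}
```

The last line of output shows the defensive alternative for library code: a caller that requests 0755 never gets a world-writable directory, whatever the user's umask is.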