Re: J-Pilot Permissions Vulnerability

[Christopher Palmer <chrisp () BITSTREAM NET>]

On Fri, Dec 15, 2000 at 06:48:22PM -0500, Rich Lafferty wrote:

> Isn't that *expected* behavior? umask is used to set the default
> permission bits for file creation, and J-Pilot creates files with the
> permissions you specify in your umask. If you don't want new files created
> group-writeable, then set your umask so they're not!

J-Pilot may be doing what the user asks for, as you say, even if the user
doesn't know she's asking for this bad behavior. (I call it `bad' because I
doubt you can find a user anywhere that wants their grocery list
world-readable or whatever.) I'm a fairly experienced UNIX user, and this
bug bit me, too--I never expected J-Pilot to make my stuff anything other
than 600. The problem is that even if a user knows about the situation, they
don't necessarily want to go changing their umask everytime they launch and
quit from J-Pilot--so you've got inconvenience butting heads with security,
as ever.

The simple solution in this case is for J-Pilot to write files in mode 600,
as probably every user everywhere will want. I could write a very simple
wrapper to make J-Pilot have the right umask, but why should security be for
only those in the know?


--
Christopher Palmer
Bitstream Underground