oss-sec mailing list archives
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022
From: Brian May <brian () linuxpenguins xyz>
Date: Thu, 08 Oct 2020 08:07:10 +1100
Jeremy Stanley <fungi () yuggoth org> writes:
As a long-time Debian user myself, I agree that this default is showing its age, and can represent a risk for operators who overlook it.
Yes, I agree the default should be changed. Just note that there is a reasonable amount of software install instructions that assume umask is 022 and will install software with unusable permissions if it is not. Perhaps the worst example I can think of is Docker image builds. COPY/ADD will install the files in the Docker image with their current permissions with no way to override. So all the files inside the image unreadable for everyone except by root. If you want to run stuff inside the Docker image as non-root (which is recommended) you either have to fix the permissions first or add a RUN command to fix the permissions - which can be slow and the layer generated can be large (due to the inefficient way layers are represented in Docker). -- Brian May <brian () linuxpenguins xyz> https://linuxpenguins.xyz/brian/
Current thread:
- Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Noel Kuntze (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Solar Designer (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Kurt H Maier (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Russ Allbery (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Eli Schwartz (Oct 13)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Bob Friesenhahn (Oct 08)