[20391] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Redhat 7 insecure umask

daemon@ATHENA.MIT.EDU (Rebecca Kastl)
Mon Apr 23 17:37:50 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.30.0104221420060.16293-100000@7of9.neohapsis.com>
Date:         Sun, 22 Apr 2001 14:30:23 -0500
Reply-To: Rebecca Kastl <rkastl@NEOHAPSIS.COM>
From: Rebecca Kastl <rkastl@NEOHAPSIS.COM>
X-To:         Drew Jones <drewj@DOR1.LIB.UNI.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200104202041.PAA01007@dor1.lib.uni.edu>

On Fri, 20 Apr 2001, Drew Jones wrote:

> Problem:
>   Users of Redhat 7 may have their umask set insecurely while acting
> as root.
>
> Description:
>   ...When the user logs in, any shell that uses /etc/profile will set
> the umask to 002 if the user's username and groupname match and their
> uid is greater than 14.  If the user then issues su to become root
> without specifying the -l option the root account inherits the umask
> of 002.... Redhat seemed to understand that system users should have a
> umask of 022, because /etc/profile will set the umask that way for
> users logging in with a uid less than 14, but they forgot about su.

Maybe I'm missing something here, but isn't the "problem" with su, not
/etc/profile?

From the su man page:

             -, -l, --login
              make the shell a login shell

If the shell is not a login shell, then neither /etc/profile nor any .*shrc
scripts are processed -- you merely assume the UID of the account you are
su'ing to.  To assume the complete environment of the account you wish to
impersonate, you have to specify '-' or '-l' so that the environment
scripts are processed.


--Rebecca Kastl
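The following is an added example, not code from either poster or from Red Hat. It models the /etc/profile umask rule exactly as Drew Jones quotes it (002 when the username equals the group name and the uid is above 14, otherwise 022) and then shows the inheritance point Rebecca makes: a non-login child shell, which is what a bare "su" gives you, simply carries its parent's umask. The uid/user/group values and the helper names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not part of the original thread). Assumes the Red Hat 7
# /etc/profile rule is exactly as quoted: 002 if username == groupname and
# uid > 14, else 022. User "alice" and uid 500 are made-up sample values.

# redhat7_umask UID USER GROUP -> prints the umask /etc/profile would set
redhat7_umask() {
    uid=$1; user=$2; group=$3
    if [ "$uid" -gt 14 ] && [ "$user" = "$group" ]; then
        echo 002
    else
        echo 022
    fi
}

# inherited_umask MASK -> sets MASK in a subshell, then starts a non-login
# child shell (the situation a bare "su" leaves root in) and prints the
# mask that child sees, normalised to three octal digits. No /etc/profile
# runs here because the child is not a login shell.
inherited_umask() {
    (
        umask "$1"
        child=$(sh -c 'umask')
        printf '%03o\n' "$((0$child))"
    )
}

# Demonstration: run with "demo" as the first argument.
if [ "${1:-}" = "demo" ]; then
    u=$(redhat7_umask 500 alice alice)
    echo "login umask /etc/profile gives alice: $u"
    echo "umask a non-login child (bare su) inherits: $(inherited_umask "$u")"
    echo "umask /etc/profile would give a system uid: $(redhat7_umask 10 daemon daemon)"
fi
```

Run it as `sh example.sh demo`. The check to keep in mind on a real box is the same: run `umask` in the shell you get from a bare `su` and compare with the one from `su -`; only the latter goes through /etc/profile again.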
