[4661] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

wu-ftpd 2.4.2-beta-13 default UMASK hole

daemon@ATHENA.MIT.EDU (Roy M. Hooper)
Wed Jun 11 15:56:09 1997

Date: 	Wed, 11 Jun 1997 12:06:50 -0400
Reply-To: "Roy M. Hooper" <rhooper@TOYBOX.OTTAWA.ON.CA>
From: "Roy M. Hooper" <rhooper@TOYBOX.OTTAWA.ON.CA>
To: BUGTRAQ@NETSPACE.ORG

The default umask for wu-ftpd 2.4.2-beta-13 is 002.
Since most users on most sites are in the same group, all files created by
users PUTting files would be group writeable by anyone.  Not a good thing.

The offending code is in "ftpd.c" line 259:
#if !defined(CMASK) || CMASK == 0
#undef CMASK
#define CMASK 002
#endif

Changing CMASK 002 to CMASK 022 will fix this.

--
Roy Hooper                   rhooper@freenet.carleton.ca
System Administrator,        "Mom!  I let my mind wander and
Cyberus Online Inc.          it didn't come back!" - Bill Waterson
             Help fight internet spam:  http://www.vix.com/spam/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4661] in bugtraq

wu-ftpd 2.4.2-beta-13 default UMASK hole

daemon@ATHENA.MIT.EDU (Roy M. Hooper)Wed Jun 11 15:56:09 1997

daemon@ATHENA.MIT.EDU (Roy M. Hooper)
Wed Jun 11 15:56:09 1997