[18201] in bugtraq
Re: J-Pilot Permissions Vulnerability
daemon@ATHENA.MIT.EDU (Robert Bihlmeyer)
Tue Dec 19 23:20:31 2000
Message-Id: <87zohsejp4.fsf@hoss.orcus.priv.at>
Date: Tue, 19 Dec 2000 12:25:59 +0100
Reply-To: Robert Bihlmeyer <robbe@ORCUS.PRIV.AT>
From: Robert Bihlmeyer <robbe@ORCUS.PRIV.AT>
X-To: Judd Montgomery <judd@ENGINEER.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Judd Montgomery's message of "Fri, 15 Dec 2000 12:26:40 -0500"

Judd Montgomery <judd@ENGINEER.COM> writes:

> J-Pilot has always used the pre set umask when creating directories and
> files, therefore I have never considered this to be a security risk. It
> is up to the system administrator or the user to set the umask to
> his/her liking.

I think the umask concept is lacking here. I need at least two general
levels of modes: I'm perfectly happy with other users reading
(executing) my shell scripts, source code, etc. - so I generally leave
the umask somewhere near 022.

OTOH, there's definitely data that I would like to keep private from
everybody, or everybody outside my group: private notes, financial
data, my mail, bookmarks, and so on.

The only way one can reach this goal with umask is with wrapper
scripts (for example, gnucash could be wrapped by "(umask 077;
gnucash.real)"). For notes, I'd have to have two instances of Emacs
(public and private) running. Messy.

The alternative is to give more responsibility to applications. I
think a good approximation for J-Pilot would be to OR the umask with
044, iff there are any private records present. Other apps that
sometimes save private information could perhaps support a "private
mode" (i.e. an editor could offer a command to later save a buffer
with private umask).

Of course, ALL apps should preserve the mode of existing files unless
told otherwise ...

--
Robbe
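The two suggestions in the message above (OR the umask with 044 only when private records are present, and leave the mode of an existing file alone) can be sketched in C as follows. This is an added example, not part of the original post and not J-Pilot's code; the function names `effective_mask` and `save_records`, the 0666 base mode and the sample path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Mask for a new data file: the user's umask, ORed with 044 (drop group and
 * other read) if and only if private records are present. */
mode_t effective_mask(mode_t user_umask, int has_private)
{
    return has_private ? (user_umask | 044) : user_umask;
}

/* Hypothetical save routine. Returns the file's resulting permission bits,
 * or (mode_t)-1 on error. */
mode_t save_records(const char *path, const void *buf, size_t len,
                    int has_private)
{
    struct stat st;
    mode_t um = umask(0);   /* the only portable way to read the umask ... */
    umask(um);              /* ... so restore it at once (not thread-safe) */

    /* Assumed base mode 0666. The kernel applies the process umask again,
     * which is harmless because our mask is a superset of it. */
    mode_t mode = 0666 & ~effective_mask(um, has_private);

    /* The mode argument only takes effect when O_CREAT creates the file;
     * an existing file is truncated in place and keeps its current mode. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0)
        return (mode_t)-1;

    int ok = write(fd, buf, len) == (ssize_t)len && fstat(fd, &st) == 0;
    if (close(fd) != 0)
        ok = 0;
    return ok ? (st.st_mode & 0777) : (mode_t)-1;
}

int main(void)
{
    const char *path = "/tmp/records_demo.dat";   /* constructed sample path */
    unlink(path);
    printf("new file, private records: %04o\n",
           (unsigned)save_records(path, "secret", 6, 1));
    unlink(path);
    return 0;
}
```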