From: Brian Somers
To: Marcel Moolenaar
Cc: "Crist J. Clark", Brian Somers, arch@FreeBSD.ORG
Subject: Re: Restricting umasks in periodic scripts
In-Reply-To: Message from Marcel Moolenaar of "Sun, 19 May 2002 13:29:25 PDT." <20020519202925.GA17015@dhcp01.pn.xcllnt.net>
Message-Id: <200205192316.g4JNGFDV007627@hak.lan.Awfulhak.org>
Date: Mon, 20 May 2002 00:16:15 +0100
Sender: owner-freebsd-arch@FreeBSD.ORG

> On Sun, May 19, 2002 at 12:45:12AM -0700, Crist J. Clark wrote:
> >
> > As for -STABLE, I haven't really heard any complaints? Might be a bit
> > late to change the status quo before 4.6-RELEASE.
>
> Wouldn't it be a POLA violation anyway or is there enough security
> concern to overrule POLA?

Well, I guess that's why I'm soliciting comments.

I personally set $daily_local in /etc/periodic.conf to run things.
They're in the spirit of the existing periodic scripts - ie, they just
report on things and don't update system files, but if people out there
have been using $*_local to do other things like maintenance tasks, a
restrictive umask may break things.

The flip side of the argument is that our security scripts were (until
recently) creating world-readable temporary files in /var/run that
contained things such as output from ipfw(8) - something that a
non-privileged user shouldn't see. If *we*'re doing this, our users are
probably falling foul of the same sort of thing....

I'm leaning towards being cautious here. People ``know'' that the
default umask is 022. If they write stuff that depends on that without
explicitly setting the umask, I don't think it's up to us to surprise
them.

> --
> Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net

--
Brian

Don't _EVER_ lose your sense of humour !
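
Added example, not part of the original message or of the FreeBSD periodic scripts: a sketch of the trade-off discussed above, where a report file is written under umask 077 inside a subshell so the caller's default 022 stays in place for whatever runs afterwards. The function names are hypothetical and collect_report stands in for a command such as ipfw(8), using constructed output.

```shell
#!/bin/sh
# Stand-in for a privileged report command; the rule line is constructed.
collect_report() {
    printf '%s\n' '00100 allow ip from any to any via lo0'
}

# Print the octal permission bits of $1 (GNU stat first, BSD stat second).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Write the report with whatever umask the caller happens to have.
write_inherited() {
    collect_report > "$1"
}

# Write the report under umask 077. The subshell confines the change, so
# scripts run later by the same parent still see the caller's umask.
write_restricted() {
    ( umask 077; collect_report > "$1" )
}

# Create both files in a scratch directory and report modes and umask.
demo() {
    dir=$(mktemp -d) || return 1
    umask 022
    write_inherited "$dir/open"
    write_restricted "$dir/private"
    echo "inherited=$(file_mode "$dir/open")" \
         "restricted=$(file_mode "$dir/private")" \
         "caller_umask=$(umask)"
    rm -rf "$dir"
}

demo
```

Under the default umask the report file is readable by every local user, while the scoped variant is owner-only and leaves the caller's umask untouched.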