Date:      Wed, 29 Feb 2012 08:00:21 -0700
From:      Ian Lepore <freebsd@damnhippie.dyndns.org>
To:        jb <jb.1234abcd@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: negative group permissions?
Message-ID:  <1330527621.1023.27.camel@revolution.hippie.lan>
In-Reply-To: <loom.20120229T141955-30@post.gmane.org>
References:  <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk> <loom.20120228T155607-690@post.gmane.org> <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk> <20120229072458.GA95427@DataIX.net> <20120229085716.GA66484@mech-cluster241.men.bris.ac.uk> <loom.20120229T111136-48@post.gmane.org> <loom.20120229T141955-30@post.gmane.org>

On Wed, 2012-02-29 at 13:21 +0000, jb wrote:
> jb <jb.1234abcd <at> gmail.com> writes:
> 
> > ... 
> > I would suggest (if you can) that you change the .seq permissions to 0664 and
> > watch what happens to it - the purpose is to narrow down who/what changed its
> > mode.
> > Some history, logs, and some ad hoc "watch script" would do it.
> 
> Take a look at "notify" feature (file, dir, event).
> http://www.freebsd.org/cgi/ports.cgi?query=notify&stype=all
> jb

I don't understand why everyone is focused on the 641 mode the file ends
up with.  The code creates the file using 0661, and under a umask of 022
you end up with a file with 0641 permissions.  How the write bit
disappeared from the group permissions doesn't seem to be germane to the
real question of why the code specifies world-exec access.  

I don't think it's a legitimate attempt to leverage the negative
permissions quirk, because it doesn't effectively do so.  It's not a
directory or executable file in the first place, so making it executable
for everyone except the owner and group is not some sort of subtle
security trick, it's just meaningless.  I think the code is long overdue
for a fix to 0660 permissions when creating the file.

-- Ian
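
The mode arithmetic and the "negative permissions" check discussed in the message above, as an added example that is not part of the original e-mail or of the code under discussion. The scratch path under /tmp and the helper names `created_mode` and `effective_bits` are assumptions made for illustration; superuser access and ACLs are ignored.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file with `requested` mode under umask `mask` and return
 * the permission bits the kernel actually stored, or -1 on error.
 * The /tmp path is a constructed placeholder, not the file from the thread. */
static int created_mode(mode_t requested, mode_t mask)
{
    char path[64];
    struct stat st;
    int fd, rc;
    mode_t old;

    snprintf(path, sizeof path, "/tmp/seq-demo.%ld", (long)getpid());
    old = umask(mask);                  /* process-wide; restored below */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);
    if (fd < 0)
        return -1;
    rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Traditional Unix check: exactly one class applies (owner, else group, else
 * other), so "other" can hold a bit that owner and group lack.
 * Returns the rwx bits (0-7) for the caller's class. */
static int effective_bits(mode_t mode, int is_owner, int in_group)
{
    if (is_owner)
        return (mode >> 6) & 7;
    if (in_group)
        return (mode >> 3) & 7;
    return mode & 7;
}

int main(void)
{
    int m = created_mode(0661, 022);
    printf("0661 under umask 022 -> %04o\n", (unsigned)m);
    printf("owner=%o group=%o other=%o\n", (unsigned)effective_bits(m, 1, 0),
           (unsigned)effective_bits(m, 0, 1), (unsigned)effective_bits(m, 0, 0));
    printf("0660 under umask 022 -> %04o\n", (unsigned)created_mode(0660, 022));
    return 0;
}
```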
