oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 1 Nov 2017 10:32:41 -0600
One note on something a lot of people seem to be getting confused about: umask is a mask that is applied to permissions when a file is created. umask is NOT the reverse of the permissions your programs/etc are supposed to create files with. E.g.:

1) if I have a umask of 0002 I'm saying "never create a file that is readable by 'other'"
2) if I have a umask of 0007 I'm saying "never create a file that is rwx by 'other'"
3) if I have a umask of 0077 I'm saying "never create a file that is rwx by 'group' or 'other'"

A umask of e.g. 0007 is NOT saying "create my files with rwxrwx----", it is saying "remove 'rwx' from other when creating a file, I don't really care what you do with user and group permissions"

So programs are free to create files with less permissions, e.g. ssh-keygen, it creates files rw-r-----, minus whatever your umask is, so if you apply a umask of 0077 you'll get files with rw-------- which is what you'd expect.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com
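Added example, not part of the original message: a Python sketch that creates files under different umasks and reads back the resulting mode, showing that the umask only clears bits from whatever mode the program requests. The requested modes and umask pairs are constructed sample values, and the helper names are hypothetical.

```python
import os
import stat
import tempfile


def predicted_mode(requested, umask):
    """Permission bits left after the umask is applied: bits are only cleared."""
    return requested & ~umask & 0o777


def create_with(requested, umask):
    """Create a file asking for `requested` under `umask`; return the mode on disk."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "sample")
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # restore the caller's umask


def rwx(mode):
    """Render permission bits as rwxrwxrwx-style text."""
    return stat.filemode(stat.S_IFREG | mode)[1:]


# Constructed sample cases: (mode the program requests, process umask).
CASES = [
    (0o666, 0o007),  # permissive request, 'other' stripped by the umask
    (0o640, 0o007),  # restrictive request: the umask never adds group write
    (0o640, 0o077),  # same request, stricter umask strips group read too
    (0o600, 0o000),  # program asks for owner-only; an open umask changes nothing
]


def run_cases():
    """Create one file per case and compare the on-disk mode with the prediction."""
    rows = []
    for requested, umask in CASES:
        got = create_with(requested, umask)
        rows.append((requested, umask, got, got == predicted_mode(requested, umask)))
    return rows


if __name__ == "__main__":
    for requested, umask, got, ok in run_cases():
        print(f"request {rwx(requested)}  umask {umask:04o}  ->  {rwx(got)}  match={ok}")
```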