Bug 120034 - running up2date from via console helper uses users umask
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: usermode
i686 Linux
medium Severity medium
Assigned To: Miloslav Trmač
David Lawrence
Duplicates: 214359
Reported: 2004-04-05 08:48 EDT by Traxtopel
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-03-18 01:44:18 EDT
Description Traxtopel 2004-04-05 08:48:10 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040224

Description of problem:
We set the umask of users via a script in /etc/profile.d/
Basically users -gt 99 get 0077 and -lt 0022. This we do for security.

The issue is that when you run up2date via console helper, the user's umask of
0077 is used. With most RPMs, this causes no problems, as the permissions of
files in RPMs are predefined.

In the RHEL 3 Update 2 preview, the gnome-panel update runs gconftool2 at
post; when a user has a umask of 0077, this causes some files in
/etc/gconf to be unreadable to users (retaining the 0077 umask). This causes
the gnome-panel to freeze after logging out/logging in.

It may be wise to add some sort of default umask to up2date so this
does not occur.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. set user umask to 0077
2. configure a yum server, add gnome-panel update to it
3. run up2date, install gnome-panel update

Additional info:
Comment 1 Miloslav Trmač 2007-03-18 01:44:18 EDT
Thanks for your report.

Unfortunately there seems to be no practical way to make sure the umask is
"correct".  Some system administrators set up their systems to use 077 for the
root user only (not for regular users), so hard-coding 022 or 002 in usermode
would be explicitly dictating a policy contrary to the system administrator's

Ideally, userhelper would interpret the /etc/profile.d/* scripts to use the same
umask that is used by other processes run as root;  this can't be done for
security reasons.

The specific problem with rpm scriptlets would probably be best solved by
enforcing an umask within rpm to the 022 or 002 value expected by some
scriptlets, or by auditing all scriptlets to make sure they don't depend on the
default umask value.  One of these changes will probably be implemented within
Fedora and should eventually be available in RHEL.
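
The reported failure and the mitigation suggested in Comment 1 (setting the umask explicitly where the scriptlet runs), as an added example that is not part of the bug report or of usermode or rpm. The helpers `simulate_post`, `perms` and `unreadable_to_others`, and the file names, are hypothetical stand-ins for a %post scriptlet and the /etc/gconf tree.

```shell
#!/bin/sh
# Constructed demo: a stand-in for an rpm %post scriptlet that writes
# configuration files, run under an inherited umask of 0077.

# simulate_post DIR INHERITED [ENFORCED]  (hypothetical helper)
# Runs in a subshell so the caller's own umask is left untouched.
simulate_post() {
    (
        umask "$2"                      # umask inherited from the invoking user
        if [ -n "${3:-}" ]; then
            umask "$3"                  # mitigation: set the umask explicitly
        fi
        mkdir -p "$1/schemas" &&
        echo "panel_setting=1" > "$1/schemas/panel.conf"
    )
}

# perms PATH: mode string as printed by ls, e.g. -rw-r--r--
perms() {
    ls -ld "$1" | cut -c1-10
}

# unreadable_to_others PATH...: entries that other users cannot read (files)
# or cannot list and traverse (directories). An administrator could run the
# same check on a configuration tree after an update.
unreadable_to_others() {
    find "$@" \( -type d ! -perm -005 \) -o \( ! -type d ! -perm -004 \)
}

demo() {
    work=$(mktemp -d) || return 1
    simulate_post "$work/inherited" 0077
    simulate_post "$work/enforced" 0077 0022
    echo "inherited 0077: $(perms "$work/inherited/schemas/panel.conf")"
    echo "enforced 0022:  $(perms "$work/enforced/schemas/panel.conf")"
    echo "not readable by other users:"
    unreadable_to_others "$work/inherited" "$work/enforced"
    rm -rf "$work"
}

demo
```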
Comment 2 Miloslav Trmač 2007-04-10 06:36:53 EDT
*** Bug 214359 has been marked as a duplicate of this bug. ***
