Bug 122843 - Bad umask logic sets default world permission of read for csh users
Summary: Bad umask logic sets default world permission of read for csh users
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: setup   
Version: 9
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
Keywords: Security
Depends On:
Reported: 2004-05-09 02:58 UTC by Bill Gorder
Modified: 2014-03-17 02:45 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-21 18:33:53 UTC


Description Bill Gorder 2004-05-09 02:58:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)

Description of problem:
/etc/csh.cshrc has a logic error in the setting of umask in Red Hat 9.
The line in error is

[ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]

and should be 

if ( "`id -gn`" == "`id -un`" && `id -u` > 99 ) then

The bad line sets umask = 002 instead of 007. It looks like bash that
was not fully converted to csh.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Copy the if statement to a file (fn).
2. Place "echo" before the then and else clauses so the path taken is
3. Run csh fn, where fn is the name of the file.
4. Observe the error.
5. Also, just create a file by any means and examine it with (ls
-alt); observe that world read permissions are set.

Actual Results:  Error causes all files created by a user to have
world read permission set (umask 002)

Expected Results:  Files created by a user should have no world
permissions (umask 007)

Additional info:

To fix, replace the line
[ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]
with
if ( "`id -gn`" == "`id -un`" && `id -u` > 99 ) then

The error can be a security issue as it exposes all user information
to any other user.

Comment 1 Bill Nottingham 2004-05-21 18:33:53 UTC
umask is never set to 007, in any *rc file (csh or bash); it's 002 for
normal users and 022 for root.
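
The three umask values named in this report (002, 022 and 007), applied to a newly created file and directory. This is an added example, not part of the bug report or of the setup package; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): what a umask does to new files.

# perms_under_umask MASK -> "FILEPERMS DIRPERMS", e.g. "-rw-rw-r-- drwxrwxr-x"
perms_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1     # scratch directory, made before the umask change
        umask "$1"
        : > "$tmp/f"                   # regular files are requested with mode 0666
        mkdir "$tmp/d"                 # directories are requested with mode 0777
        f=$(ls -ld "$tmp/f" | cut -c1-10)
        d=$(ls -ld "$tmp/d" | cut -c1-10)
        rm -rf "$tmp"
        echo "$f $d"
    )
}

# other_bits PERMS -> the three "other" (world) characters, e.g. "r--"
other_bits() {
    printf '%s\n' "$1" | cut -c8-10
}

# Print one line per umask discussed in the report.
report() {
    for m in 002 022 007; do
        set -- $(perms_under_umask "$m")
        printf 'umask %s  file %s (world: %s)  dir %s (world: %s)\n' \
            "$m" "$1" "$(other_bits "$1")" "$2" "$(other_bits "$2")"
    done
}

report
```

The umask runs in a subshell, so the calling shell's own umask is left unchanged.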
