Bug 122843 - Bad umask logic sets default world permission of read for csh users
Bad umask logic sets default world permission of read for csh users
Product: Red Hat Linux
Classification: Retired
Component: setup (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-05-08 22:58 EDT by Bill Gorder
Modified: 2014-03-16 22:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-21 14:33:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bill Gorder 2004-05-08 22:58:37 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)

Description of problem:
/etc/csh.cshrc has a logic error in the setting of umask in Red Hat 9.
 The line in error is

[ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]

and should be 

if ( "`id -gn`" == "`id -un`" && `id -u` > 99 ) then

The bad line sets umask = 002 instead of 007.  It looks like bash that
was not fully converted to csh

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.copy if statement to a file (fn)
2.place "echo" before the then and else clauses so the path taken is
3.run csh fn     where fn is the name of the file
4. Observe the error
5. Also, just create a file by any means and examine it with (ls
-alt), observe that world read permissions are set.

Actual Results:  Error causes all files created by a user to have
world read permission set (umask 002)

Expected Results:  Files created by a user should have no world
permissions (umask 007)

Additional info:

To fix, replace the line
[ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]
if ( "`id -gn`" == "`id -un`" && `id -u` > 99 ) then

The error can be a security issue as it exposes all user information
to any other user.
Comment 1 Bill Nottingham 2004-05-21 14:33:53 EDT
umask is never set to 007, in any *rc file (csh or bash); it's 002 for
normal users and 022 for root.

Note You need to log in before you can comment on or make changes to this bug.