Circa 2003-03-13 15:01:47 -0500 dixit William Au:

: I did a strace on a rpm install command. I discovered that
: it uses a mode of 0666 to write the files initially.
:
: open("/var/temp/testfile;3e70df2d", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 10

No, it doesn't. See below.

: It then calls rename(), chmod(), and utime() after writing the files.
: It looks like this is hard-coded into rpmio/rpmio.c. Isn't this a
: security hole?

No, it's not. See below.

: The content of the file can be replaced by anyone on the system before
: chmod() is called.

No, it can't.

The open(2) system call opens a file with the specified mode (here, 0666) *as modified by* the process's umask. Normal umasks are either 022 (deny write to group, others) or 02 (deny write to others), depending on how your system is set up. In the first case, the open() call above creates a file with mode 0644 (rw-r--r--); in the second case, mode 0664 (rw-rw-r--).

If you set your umask to 0, then yes, RPM may create files with mode 0666 (rw-rw-rw-). But then, so will a lot of other commands.

If you want to find out whether this is *really* a problem, you'll look in the strace log for a call to umask() and see whether rpm sets the umask to some insane value (like 0 or 770). Otherwise, if RPM creates world-writable files, it's your fault.

--
jim knoble | firstname.lastname@example.org | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
Stop the War on Freedom ... Start the War on Poverty!