
Re: permission of files created by rpm install



Circa 2003-03-13 15:01:47 -0500 dixit William Au:

: I did a strace on a rpm install command.  I discovered that
: it uses a mode of 0666 to write the files initially.
: 
: open("/var/temp/testfile;3e70df2d", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 10

No, it doesn't.  See below.

: It then calls rename(), chmod(), and utime() after writing the files.
: It looks like this is hard-coded into rpmio/rpmio.c.  Isn't this a 
: security hole?

No, it's not.  See below.

: The content of the file can be replaced by anyone on the system before
: chmod() is called.

No, it can't.

The open(2) system call opens a file with the specified mode (here,
0666) *as modified by* the process's umask.

Normal umasks are either 022 (deny write to group, others) or 02 (deny
write to others), depending on how your system is set up.  In the first
case, the open() call above creates a file with mode 0644 (rw-r--r--);
in the second case, mode 0664 (rw-rw-r--).

If you set your umask to 0, then yes, RPM may create files with mode
0666 (rw-rw-rw-).  But then, so will a lot of other commands.

If you want to find out whether this is *really* a problem, you'll look
in the strace log for a call to umask() and see whether rpm sets the
umask to some insane value (like 0 or 770).

Otherwise, if RPM creates world-writable files, it's your fault.

-- 
jim knoble  |  jmknoble@pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
Stop the War on Freedom ... Start the War on Poverty!


