

Redhat 7 insecure umask


Date: Fri, 20 Apr 2001 15:41:05 -0500
From: Drew Jones <drewj@DOR1.LIB.UNI.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Redhat 7 insecure umask

Problem:
  Users of Redhat 7 may have their umask set insecurely while acting as root.

Severity:
  Medium/Low

Description:
  The Redhat useradd script creates a group for the new user with the same
name as the username by default.  When the user logs in, any shell that uses
/etc/profile will set the umask to 002 if the user's username and groupname
match and their uid is greater than 14.  If the user then issues su to become
root without specifying the -l option the root account inherits the umask of
002.  As root the user may then create files with somewhat insecure permissions.
Redhat seemed to understand that system users should have a umask of 022,
because /etc/profile will set the umask that way for users logging in with a
uid less than 14, but they forgot about su.

The offending lines in /etc/profile:
...
if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]; then
        umask 002
else
        umask 022
fi
...

The fix:
  Get rid of the if-statement in /etc/profile and replace it with
'umask 022' (no quotes).


Andrew Jones
-------------
Computer Science and Physics student at the University of Northern Iowa
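
The behaviour reported above, as an added example that is not part of the original post: it reproduces the quoted /etc/profile decision, shows that a child shell which does not re-read /etc/profile keeps the parent's umask, and checks whether a umask leaves group write enabled. The function names, the user "drew", the group "users" and uid 500 are constructed for illustration, and a plain child shell stands in for `su` without -l.

```shell
#!/bin/sh
# Added illustration; user "drew", group "users" and uid 500 are constructed.

# The decision made by the /etc/profile lines quoted in the post.
# Args: username, primary group name, numeric uid.
profile_umask() {
    if [ "$2" = "$1" ] && [ "$3" -gt 14 ]; then
        echo 002
    else
        echo 022
    fi
}

# umask seen by a child shell that does not re-read /etc/profile.
# The plain child shell stands in for `su` without -l, which cannot
# be run non-interactively here.
child_umask() {
    ( umask "$1"; sh -c 'umask' )
}

# Permission string of a file created under the given umask.
new_file_perms() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/created"
        ls -ld "$dir/created" | cut -c1-10
        rm -rf "$dir"
    )
}

# Succeeds when the umask leaves the group-write bit (020) enabled.
umask_allows_group_write() {
    [ $(( 0$1 & 020 )) -eq 0 ]
}

# Audit the shell this script runs in, e.g. a root shell obtained via su.
current=$(umask)
if umask_allows_group_write "$current"; then
    echo "umask $current: new files will be group-writable"
else
    echo "umask $current: group write is masked"
fi
echo "profile gives drew/drew uid 500: $(profile_umask drew drew 500)"
echo "child shell inherits: $(child_umask 002)"
echo "file created under 002: $(new_file_perms 002)"
```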



