Red Hat 7 insecure umask

Author: JT Smith

“The Redhat useradd script creates a group for the new user with the
same name as the username by default. When the user logs in, any
shell that uses /etc/profile will set the umask to 002 if the user’s
username and groupname match and their uid is greater than 14. If the
user then issues su to become root without specifying the -l option the
root account inherits the umask of 002. As root the user may then create
files with somewhat insecure permissions. Redhat seemed to understand
that system users should have a umask of 022, because /etc/profile will
set the umask that way for users logging in with a uid less than 14, but
they forgot about su.” Full details at Help Net Security.

Category:

  • Linux