Opened 7 years ago

Last modified 7 years ago

#300 closed defect

insecure umask 0000 on ubuntu server — at Initial Version

Reported by: mattja Owned by:
Priority: major Milestone:
Component: Server Keywords: security
Cc:

Description

xterm started as application session on the remote server runs with umask 0000.
This has security impact as files/directories created by users are then world-writable.
Expected: some sensible default like 002 or 022.

Version: winswitch 0.12.23-1, xpra 2.1.1-r16658-1

Possible cause: winswitch server assumes umask will be set in /etc/bashrc.
That is true on Red Hat derived systems.
But it is not true on Ubuntu (tested 16.04 LTS) where I think umask is expected to be set by PAM session (pam_umask.so).

Perhaps related, the PAM file provided by /etc/pam.d/xpra
seems to assume a Red Hat style system and most of the PAM modules referenced there do not exist on a Ubuntu system.

Change History (0)

Note: See TracTickets for help on using tickets.