#300 closed defect (worksforme)
insecure umask 0000 on ubuntu server — at Version 1
| Reported by: | mattja | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Server | Keywords: | security |
| Cc: |
Description (last modified by )
xterm started as application session on the remote server runs with umask 0000.
This has security impact as files/directories created by users are then world-writable.
Expected: some sensible default like 002 or 022.
Version: winswitch 0.12.23-1, xpra 2.1.1-r16658-1
Possible cause: winswitch server assumes umask will be set in /etc/bashrc.
That is true on Red Hat derived systems.
But it is not true on Ubuntu (tested 16.04 LTS) where I think umask is expected to be set by PAM session (pam_umask.so).
Perhaps related, the PAM file provided by /etc/pam.d/xpra
seems to assume a Red Hat style system and most of the PAM modules referenced there do not exist on a Ubuntu system.
Change History (1)
comment:1 Changed 7 years ago by
| Description: | modified (diff) |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
copyleft 2009 - 2014
I believe this is an xpra bug, not winswitch, please use xpra's tracker: https://xpra.org/trac.