[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] xinetd: insecure umask

To: linux-security
Subject: [linux-security] xinetd: insecure umask
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 14 Jun 2001 17:10:46 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
xinetd uses insecure umask of 0.

Problem Description
===================
Xinetd runs with umask 0 - this means that applications using the xinetd
umask and not setting the permissions themselves (like swat from the samba
package), will create world writable files.

Affected Systems
================
all systems that use xinetd (and not inetd), e.g., RedHat 7.x,
Mandrake 7.2, 8.0

Solution
========
RedHat 7.x
----------
rpm -Fvh xinetd-2.1.8.9pre15-2.i386.rpm

Mandrake 7.2
------------
rpm -Fvh xinetd-2.1.8.9pre15-1.2mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh xinetd-2.1.8.9pre15-1.1mdk.i586.rpm \
         xinetd-ipv6-2.1.8.9pre15-1.1mdk.i586.rpm

Prev by Date: [linux-security] GnuPG format string bug
Next by Date: [linux-security] ispell temp file creation
Prev by thread: [linux-security] ispell temp file creation
Next by thread: [linux-security] GnuPG format string bug
Index(es):
- Date
- Thread