What, I wonder, would be the consequences of setgid directories overring umask, rather than a system wide umask change?
We could leave umask set to 0022 but when creating files and directories in setgid directories the 0020 bit of the umask would itself be masked out. This would seem to localize the change to where it is needed, thus reducing the possibility for accidental security holes. Setgid already does much wierdness. Adding this small extra wierdness would not be inelegant. This would seem to be a trival kernel patch, whether implemented alone or together with a /sys control to enable/disable it. Can anyone see any downside? --Mike Bird -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201005300944.50893.mgb-deb...@yosemite.net