On Wed Jul 23, 2003 at 11:56:14AM -0700, David Guntner wrote: > I hope someone from Mandrake is still reading this list. I got the > advisary for the new kernel in my mail, and installed the new kernel. > Since, then, any number of processes which used to write files that were > writable only by themselves (leafnode as user news, mailman as user mail > and so on) are now writing their files in a world readable setting. My > security logs this morning started reporting files in /var/spool/news, > /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being > writable. Checking those directories, I find sure enough that everything > is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please > look into this and fix it and issue a new kernel? This needs to not > continue to happen. When I su to the user IDs in question and do a umask > command, I see 0022 like it should be - so I can't see any reason why this > should be happening.
We've not seen this at all during testing. Which kernel did you install? secure, up, smp, etc... uname -a would be good. That is really really wierd. Just ran msec here and it just shows me that my initrd is world-writable so I don't think your problem is due to the kernel. cc'ing this to Juan just so he can check as well. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
