On Wed Jul 23, 2003 at 05:20:12PM -0600, Vincent Danen wrote:

> On Wed Jul 23, 2003 at 02:34:09PM -0700, Bryan Whitehead wrote:
> 
> > >I hope someone from Mandrake is still reading this list.  I got the 
> > >advisory for the new kernel in my mail, and installed the new kernel.  
> > >Since, then, any number of processes which used to write files that were 
> > >writable only by themselves (leafnode as user news, mailman as user mail 
> > >and so on) are now writing their files in a world readable setting.  My 
> > >security logs this morning started reporting files in /var/spool/news, 
> > >/var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being 
> > >writable.  Checking those directories, I find sure enough that everything 
> > >is -rw-rw-rw-  --  clearly, this is not acceptable!  Can someone please 
> > >look into this and fix it and issue a new kernel?  This needs to not 
> > >continue to happen.  When I su to the user IDs in question and do a umask 
> > >command, I see 0022 like it should be - so I can't see any reason why this 
> > >should be happening.
> > 
> > I have the same problem:
> [...]
> 
> Thanks, Bryan.  This helps.

Ok.

kernel-secure seems safe
XFS filesystems are safe

Any kernel (non-secure) using a fs (non-XFS) will write mode 0666 files...
this includes reiserfs, ext2, ext3, and NFS mounts.

I guess most everyone on secteam uses XFS since that was the fs we were
particularly concerned with due to the ACLs and gdb problems.  Dammit.

Please back out to 18mdk or 13mdk until we get this fixed.  I have to pull
those kernels off the mirror sites now.

Thanks for alerting us to this.  This sort of thing demonstrates the need
for a formal bug tracker for post-release releases.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}
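The symptom described in this thread (files created mode 0666 on non-XFS filesystems even though the process umask is 0022) is easy to confirm or rule out from a shell. The script below is an added example, not code from the thread or from MandrakeSoft: it probes whether the running kernel honours the umask on a given directory, and lists world-writable regular files under the spool/run directories the reporter mentions. It assumes GNU `stat -c` and GNU `find`; the directory names are only examples.

```shell
#!/bin/sh
# Added example (not from the original thread). Two checks a sysadmin could
# run after a kernel update to detect the umask regression discussed above.

# check_umask DIR: create an empty file inside DIR under umask 022 and report
# the mode the kernel actually gave it. Returns 0 if the mode is 0644 (umask
# honoured), 1 if it is anything else (e.g. 0666 as in the bug report).
check_umask() {
    dir=$1
    probe="$dir/.umask-probe.$$"
    # The umask change lives in a subshell so it does not leak to the caller.
    mode=$( (umask 022; : > "$probe"; stat -c '%a' "$probe") )
    rm -f "$probe"
    echo "$dir: new file created with mode $mode (expected 644)"
    [ "$mode" = "644" ]
}

# find_world_writable DIR...: print regular files under the given directories
# that are writable by "other" (permission bit 0002), one path per line.
find_world_writable() {
    find "$@" -type f -perm -002 2>/dev/null
}

# Example usage (directory names are illustrative, taken from the report):
# check_umask /var/spool/news
# find_world_writable /var/spool/news /var/lock/subsys /var/run /var/lib/mailman/lists
```

Run `check_umask` once per filesystem type you care about (the thread reports ext2, ext3, reiserfs and NFS as affected but XFS as unaffected, so one probe per mount point is the useful granularity); an unexpected 666 is the signal to roll back the kernel as the message advises.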
