On 01-Aug-2014, Ethan Furman wrote: > It is certainly better than the status quo, but I must admit I don't > understand why you place more importance on following a now > known-to-be-insecure default rather than going with a > secure-by-default design.
The default of “set the umask to 0” was always known to produce an insecure program; that's exactly why there is a parameter to set an explicitly-chosen umask value as chosen by the daemon programmer. The default of 0 is because there is no unambiguous, obvious single value to set instead. The reason given in the Stevens reference is because the programmer is assumed to know better than the library what mode to create files with. > If a daemon user needs world-writable files it is not hard to change > the daemon umask setting to 0, but by having it be something else, > such as 077 There's no single umask value which makes sense by default. If you know of one, I will need more than anecdote or personal preference, I will need to see substantial evidence in favour of daemon programmers, on all Unix variants Python supports, expecting *one specific* behaviour over all others. Moreover, “set the umask to 0 and let the specific daemon program decide for itself” is the conventional behaviour for Unix daemons everywhere I've seen. We're implementing conventional behaviour for Unix daemons. So that's a strong reason not to deviate from that without a clearly better setting — and “something else, such as foo” is not a clear mandate for that specific value. > then all who are ignorant of the trap still won't fall into it So the best I can get from that is that you'd prefer no default, and instead raise an exception if no umask value is specified. Yes? -- \ “If you go flying back through time and you see somebody else | `\ flying forward into the future, it's probably best to avoid eye | _o__) contact.” —Jack Handey | Ben Finney <[email protected]>
signature.asc
Description: Digital signature
_______________________________________________ python-daemon-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-daemon-devel
