Linux Advisory Watch: September 16th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for apache, kdelibs, cvs, mod_ssl, tdiary,
squid, mozilla, common-lisp, turqstat, slib, umb-scheme, psmisc, gtk, file,
subversion, unzip, e2fsprogs, selinux-policy-targeted, firefox, mozilla, vte,
xdelta, tvtime, dhcp, gnupg, util-linux, mc, libwnck, pcre, exim, and squid.
The distributors include Debian, Fedora, Gentoo, and Red Hat.
Using umask
The umask controls the default permission mode of newly-created files and
directories: every bit set in the mask is cleared from the mode a program
asks for at creation time. It is recommended that you make root's umask 077,
which will disable read, write, and execute permission for group and other
users unless explicitly changed using chmod.
Running the umask command with no argument prints the current mask, so it
can be used to determine the default file creation mode on your system. The
mask is the octal complement of the desired file mode. If files are created
without any regard to their permission settings, a user could inadvertently
give read or write permission to someone who should not have it.
The mode of a newly-created executable file is calculated as follows:
   777   Default permissions
  -022   Subtract the umask value (022 in this example)
  ----
   755   Allowed permissions
So in this example we chose 022 as our umask. This shows us that
new executables that are created are given mode 755, which means
that the owner can read, write, and execute the binary, while members
of the group to which the binary belongs, and all others, can only
read and execute it.
The mode of a newly-created text file is calculated as follows:
   666   Default permissions
  -022   Subtract the umask value (022 in this example)
  ----
   644   Allowed permissions
This example shows us that, given the default permissions of 666 and
subtracting our sample umask value of 022, new text files are created
with mode 644: the owner can read and write the file, while members of
the group to which the file belongs, and everyone else, can only read
it. Typical umask settings are 022, 027, and 077, the last being the
most restrictive. Normally the umask is set in /etc/profile, so it
applies to all users on the system. The file creation mask must be
chosen with the purpose of the account in mind: permissions that are too
restrictive may cause users to start sharing accounts or passwords, or
otherwise compromise security.
For example, you may have a line that looks like this:
# Set the user's default umask
umask 033
Be sure to set root's umask to at least 022, which will
disable write and execute permission for other users, unless
explicitly changed using chmod(1).
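The subtraction shown above is really a bitwise operation (mode & ~umask), which is why a mask such as 033 applied to a 666 file still yields 644 rather than 633. The POSIX sh script below is an added example, not part of the original newsletter: it computes the resulting mode for any base mode and umask, confirms the result by actually creating a file and a directory under that umask in a scratch directory, reads the last "umask NNN" line out of a profile-style file, and checks whether a given mask is at least as restrictive as a required one. The sample profile contents and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: how a umask is applied, and how to audit one.

# Resulting permission bits for BASE mode under MASK, as the kernel computes
# them: base & ~mask. Both arguments are octal strings (e.g. 666 022 -> 644).
apply_umask() {
    base=$(( 0$1 ))
    mask=$(( 0$2 ))
    printf '%03o\n' $(( base & ~mask ))
}

# Create a file or directory under MASK in a scratch directory and print the
# octal mode it actually received. Usage: mode_under_umask 077 file|dir
mode_under_umask() {
    mask=$1
    kind=$2
    scratch=$(mktemp -d) || return 1
    (
        umask "$mask"                       # subshell: does not leak the mask
        if [ "$kind" = dir ]; then
            mkdir "$scratch/probe"          # directories start from 777
        else
            : > "$scratch/probe"            # regular files start from 666
        fi
    )
    # GNU stat first, BSD/macOS stat as fallback.
    stat -c '%a' "$scratch/probe" 2>/dev/null || stat -f '%Lp' "$scratch/probe"
    rm -rf "$scratch"
}

# Print the last "umask NNN" setting found in a profile-style file, ignoring
# comment lines (whose first field is "#", not "umask").
profile_umask() {
    awk '$1 == "umask" { m = $2 } END { if (m != "") print m }' "$1"
}

# Succeed when ACTUAL masks every bit that REQUIRED masks, i.e. ACTUAL is at
# least as restrictive. Usage: umask_at_least ACTUAL REQUIRED
umask_at_least() {
    [ $(( 0$2 & ~0$1 )) -eq 0 ]
}

# Demonstration on a constructed profile fragment (not a real /etc/profile).
sample=$(mktemp)
printf '# Set the user'"'"'s default umask\numask 033\n' > "$sample"
m=$(profile_umask "$sample")
echo "profile sets umask $m: text files get $(apply_umask 666 "$m"), executables get $(apply_umask 777 "$m")"
if umask_at_least "$m" 022; then
    echo "umask $m is at least as restrictive as 022"
else
    echo "umask $m is looser than 022"
fi
rm -f "$sample"
```

Note that apply_umask uses shell arithmetic with a leading 0 so the strings are read as octal; without that, 022 would be parsed as decimal twenty-two and the result would be wrong.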
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this article,
so I'll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore kept very simple. If the
feedback is good, I'll consider creating more complex guides for advanced
users. Please let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Debian: New Apache packages fix HTTP request smuggling
The *.scm and *.init scripts shipped with slib expect slib to be located directly in /usr/local/lib, which is not the case. This update fixes this problem.
http://www.linuxsecurity.com/content/view/120334
GLib 2.6.6 fixes several bugs in the GOption cmdline option parser, in the GKeyFile keyfile parser, a possible deadlock with threadpools and several other bugs.
http://www.linuxsecurity.com/content/view/120340
Fedora Core 4 Update: gtk2-2.6.10-1
8th, September, 2005
GTK+ 2.6.10 fixes numerous bugs in the file chooser, the icon view, and some other widgets. See the release announcements at http://www.gtk.org for more details.
http://www.linuxsecurity.com/content/view/120341
The xdelta shipped with FC4 isn't compiled with large file support and uses the obsolete glib-1.2 library. The libedsio symbols are missing from the installed libxdelta library. This release introduces xdelta ported to glib-2 and fixes the noted issues.
http://www.linuxsecurity.com/content/view/120365
Fedora Core 3 Update: xdelta-1.1.3-16.fc3
12th, September, 2005
The xdelta shipped with FC3 isn't compiled with large file support and uses the obsolete glib-1.2 library. The libedsio symbols are missing from the installed libxdelta library. This release introduces xdelta ported to glib-2 and fixes the noted issues.
http://www.linuxsecurity.com/content/view/120366
This update upgrades libwnck to version 2.10.3 in order to work well with metacity 2.10.3. This updated package corrects the behavior of workspace switching when minimized windows from a workspace other than the current one are activated.
http://www.linuxsecurity.com/content/view/120388
Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120337
RedHat: Moderate: exim security update
8th, September, 2005
Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120339
RedHat: Critical: firefox security update
9th, September, 2005
An updated firefox package that fixes a security bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120352
RedHat: Critical: mozilla security update
9th, September, 2005
An updated mozilla package that fixes a security bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120353
RedHat: Important: XFree86 security update
12th, September, 2005
Updated XFree86 packages that fix several integer overflows are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120372
RedHat: Important: xorg-x11 security update
13th, September, 2005
Updated X.org packages that fix several integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120378
An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120391