LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: September 16th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for apache, kdelibs, cvs, mod_ssl, tdiary, squid, mozilla, common-lisp, turqstat, slib, umb-scheme, psmisc, gtk, file, subversion, unzip, e2fsprogs, selinux-policy-targeted, firefox, mozilla, vte, xdelta, tvtime, dhcp, gnupg, util-linux, mc, libwnck, pcre, exim, and squid. The distributors include, Debian, Fedora, Gentoo, and Red Hat.


Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

Using umask

The umask can be used to control the default file permission on newly-created files. The umask command controls the default file and directory creation mode for newly-created files and directories. It is recommended that you make root's umask 077, which will disable read, write, and execute permission for other users, unless explictly changed using chmod.

The umask command can be used to determine the default file creation mode on your system. It is the octal complement of the desired file mode. If files are created without any regard to their permissions settings, a user could inadvertently give read or write permission to someone that should not have this permission.

The umask for the creation of new executable files is calculated as follows:

  777 Default Permissions
 -022 Subtract umask value, for example
-----
  755 Allowed Permissions

So in this example we chose 022 as our umask. This shows us that new executables that are created are given mode 755, which means that the owner can read, write, and execute the binary, while members of the group to which the binary belongs, and all others, can only read and execute it.

The umask for the creation of new text files is calculated as follows:

 666 Default Permissions
-022 Subtract umask mask, for example
-----
 644 Allowed Permissions

This example shows us that given the default umask of 666, and subtracting our sample umask value of 022, new text files are created with mode 644, which states that the owner can read and write the file, while members of the group to which the file belongs, and everyone else can only read the new file. Typically umask settings include 022, 027, and 077, which is the most restrictive. Normally the umask is set in /etc/profile, so it applies to all users on the system. The file creation mask must be set while keeping in mind the purpose of the account. Permissions that are too restrictive may cause users to start sharing accounts or passwords, or otherwise compromise security. For example, you may have a line that looks like this:

# Set the user's default umask umask 033

Be sure to make root's umask to at least 022, which will disable write and execute permission for other users, unless explicitly changed using chmod(1).

READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/117255/141/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Debian: New Apache packages fix HTTP request smuggling
  8th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120330
 
  Debian: New kdelibs packages fix backup file information leak
  8th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120332
 
  Debian: New Apache2 packages fix several vulnerabilities
  8th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120338
 
  Debian: New cvs packages fix insecure temporary files
  9th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120343
 
  Debian: New mod_ssl packages fix acl restriction bypass
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120360
 
  Debian: New tdiary packages fix Cross Site Request Forgery
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120370
 
  Debian: New squid packages fix several vulnerabilities
  13th, September, 2005

Update package.

http://www.linuxsecurity.com/content/view/120374
 
  Debian: New Mozilla packages fix several vulnerabilities
  13th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120377
 
  Debian: New common-lisp-controller packages fix arbitrary code injection
  14th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120380
 
  Debian: New turqstat packages fix buffer overflow
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120389
 
  Debian: New centericq packages fix several vulnerabilities
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120392
 
  Fedora Core 4 Update: slib-3a1-3.fc4
  8th, September, 2005

*.scm and *.init scripts shipped with slib expect that slib is located directly in /usr/local/lib what's not true. This update fixes this problem.

http://www.linuxsecurity.com/content/view/120334
 
  Fedora Core 4 Update: umb-scheme-3.2-39.fc4
  8th, September, 2005

UMB-scheme package conflicts with the SLIB package by instalation of /usr/share/info/slib.info.gz. This update fixes the issue.

http://www.linuxsecurity.com/content/view/120335
 
  Fedora Core 4 Update: psmisc-21.5-5
  8th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120336
 
  Fedora Core 4 Update: glib2-2.6.6-1
  8th, September, 2005

GLib 2.6.6 fixes several bugs in the GOption cmdline option parser, in the GKeyFile keyfile parser, a possible deadlock with threadpools and several other bugs.

http://www.linuxsecurity.com/content/view/120340
 
  Fedora Core 4 Update: gtk2-2.6.10-1
  8th, September, 2005

GTK+ 2.6.10 fixes numerous bugs in the file chooser, the icon view, and some other widgets. See the release announcements at http://www.gtk.org for more details.

http://www.linuxsecurity.com/content/view/120341
 
  Fedora Core 4 Update: file-4.15-fc4.1
  9th, September, 2005

Several bug fixes and new magics.

http://www.linuxsecurity.com/content/view/120344
 
  Fedora Core 4 Update: subversion-1.2.3-2.1
  9th, September, 2005

This update includes the latest stable release of Subversion, including a number of bug fixes.

http://www.linuxsecurity.com/content/view/120346
 
  Fedora Core 3 Update: unzip-5.51-4.fc3
  9th, September, 2005

This update fixes TOCTOU issue in unzip.

http://www.linuxsecurity.com/content/view/120347
 
  Fedora Core 4 Update: util-linux-2.12p-9.10
  9th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120348
 
  Fedora Core 4 Update: e2fsprogs-1.38-0.FC4.1
  9th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120349
 
  Fedora Core 4 Update: selinux-policy-targeted-1.25.4-10.1
  9th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120350
 
  Fedora Core 3 Update: e2fsprogs-1.38-0.FC3.1
  9th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120351
 
  Fedora Core 4 Update: firefox-1.0.6-1.2.fc4
  10th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120354
 
  Fedora Core 3 Update: firefox-1.0.6-1.2.fc3
  10th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120355
 
  Fedora Core 4 Update: mozilla-1.7.10-1.5.2
  10th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120356
 
  Fedora Core 3 Update: mozilla-1.7.10-1.3.2
  10th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120357
 
  Fedora Core 3 Update: vte-0.11.14-3.fc3
  12th, September, 2005

Please report regressions to GNOME Bugzilla.

http://www.linuxsecurity.com/content/view/120361
 
  Fedora Core 4 Update: vte-0.11.14-3.fc4
  12th, September, 2005

Please report regressions to GNOME Bugzilla.

http://www.linuxsecurity.com/content/view/120362
 
  Fedora Core 4 Update: slib-3a1-4.fc4
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120364
 
  Fedora Core 4 Update: xdelta-1.1.3-17.fc4
  12th, September, 2005

xdelta shipped with FC4 isn't compiled with large file support and uses obsolete glib-1.2 library. The libedsio symbols are missing from the installed libxdelta library. This release introduces xdelta ported to glib-2 and fixes the noted issues.

http://www.linuxsecurity.com/content/view/120365
 
  Fedora Core 3 Update: xdelta-1.1.3-16.fc3
  12th, September, 2005

xdelta shipped with FC3 isn't compiled with large file support and uses obsolete glib-1.2 library. The libedsio symbols are missing from the installed libxdelta library. This release introduces xdelta ported to glib-2 and fixes the noted issues.

http://www.linuxsecurity.com/content/view/120366
 
  Fedora Core 4 Update: tvtime-1.0.1-0.fc4.1
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120367
 
  Fedora Core 4 Update: evolution-data-server-1.2.3-3.fc4
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120368
 
  Fedora Core 4 Update: openssh-4.2p1-fc4.1
  12th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120369
 
  Fedora Core 4 Update: dhcp-3.0.2-22.FC4
  13th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120373
 
  Fedora Core 3 Update: gnupg-1.2.7-1
  14th, September, 2005

This update upgrades GnuPG from version 1.2.6 to version 1.2.7, fixing bug #139209 (~/.gnupg not created when gpg is first run), among others.

http://www.linuxsecurity.com/content/view/120383
 
  Fedora Core 4 Update: util-linux-2.12p-9.11
  14th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120384
 
  Fedora Core 3 Update: mc-4.6.1-2.FC3
  14th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120385
 
  Fedora Core 3 Update: util-linux-2.12a-24.5
  14th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120386
 
  Fedora Core 4 Update: mc-4.6.1a-0.12.FC4
  14th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120387
 
  Fedora Core 4 Update: libwnck-2.10.3-1
  14th, September, 2005

This update upgrades libwnck to version 2.10.3 in order to work well with metacity 2.10.3. This updated package corrects the behavior of workspace switching when minized windows from a different workspace than the current workspace are activated.

http://www.linuxsecurity.com/content/view/120388
 
  Gentoo: X.Org Heap overflow in pixmap allocation
  12th, September, 2005

An integer overflow in pixmap memory allocation potentially allows any X.Org user to execute arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/120363
 
  Gentoo: Python Heap overflow in the included PCRE library
  12th, September, 2005

The "re" Python module is vulnerable to a heap overflow, possibly leading to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120371
 
  RedHat: Moderate: pcre security update
  8th, September, 2005

Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team

http://www.linuxsecurity.com/content/view/120337
 
  RedHat: Moderate: exim security update
  8th, September, 2005

Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120339
 
  RedHat: Critical: firefox security update
  9th, September, 2005

An updated firefox package that fixes as security bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120352
 
  RedHat: Critical: mozilla security update
  9th, September, 2005

An updated mozilla package that fixes a security bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120353
 
  RedHat: Important: XFree86 security update
  12th, September, 2005

Updated XFree86 packages that fix several integer overflows are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120372
 
  RedHat: Important: xorg-x11 security update
  13th, September, 2005

Updated X.org packages that fix several integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120378
 
  RedHat: Important: XFree86 security update
  15th, September, 2005

This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120390
 
  RedHat: Important: squid security update
  15th, September, 2005

An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120391
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.