Re: negative group permissions?
On Wed, 2012-02-29 at 13:21 +0000, jb wrote:
> jb <jb.1234abcd <at> gmail.com> writes:
>
> > ...
> > I would suggest (if you can) that you change the .seq permissions to 0664 and
> > watch what happens to it - the purpose is to narrow down who/what changed its
> > mode.
> > Some history. logs. and some ad hoc "watch script" would do it.
>
> Take a look at "notify" feature (file, dir, event).
> http://www.freebsd.org/cgi/ports.cgi?query=notify&stype=all
> jb
I don't understand why everyone is focused on the 641 mode the file ends
up with. The code creates the file using 0661, and under a umask of 022
you end up with a file with 0641 permissions. How the write bit
disppeared from the group permissions doesn't seem to be germane to the
real question of why the code specifies world-exec access.
I don't think it's a legitimate attempt to leverage the negative
permissions quirk, because it doesn't effectively do so. It's not a
directory or executable file in the first place, so making it executable
for everyone except the owner and group is not some sort of subtle
security trick, it's just meaningless. I think the code is long overdue
for a fix to 0660 permissions when creating the file.
-- Ian
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 11 之 20 篇):