system@aurum.chem.utoronto.ca (System Admin (Mike Peterson)) (03/01/91)
Tar is creating file archives with 666 permissions, ignoring the umask
specified by the user (and the ACL specified for new files).

Example:

    tar cvf tar.archive ~/.[a-z]*

The 'tar.archive' file then has permissions:

    -rw-rw-rw- 1 system staff 187904 Feb 28 16:04 tar.archive

This is a breach of security since any user can then write over the
tar archive.

This is new as of SR10.3/SR10.3.p as far as I know, and we use the BSD
environment. I don't know of a workaround (although I do scan all user
directories every month for files with "write" permissions for
group/other - it would be much too late by then, and I don't scan the
system software area (yet, but I'll be starting now)).

I will post our hourly, daily and monthly automated system checks one
of these days.

--
Mike Peterson, System Administrator, U/Toronto Department of Chemistry
E-mail: system@alchemy.chem.utoronto.ca
Tel: (416) 978-7094
Fax: (416) 978-8775
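
Added example, not part of the original post: a POSIX sh version of the scan the post describes (regular files writable by group or other), with a fix-up pass and a wrapper that has the shell, not tar, create the archive file under a restrictive umask. The function names are hypothetical, the demo tree is constructed, and the wrapper assumes a shell that applies the umask on output redirection; it has not been checked on the SR10.3 system in the post.

```shell
#!/bin/sh
# Added example: audit for files that group or other can write to.

# List regular files under $1 with the group-write or other-write bit set.
# "-perm -020" is the POSIX find test for "all of these bits are set".
find_loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}

# Clear group/other write on every file the scan flags; prints each path fixed.
tighten_loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod go-w {} \; -print
}

# Write the archive to stdout so the shell opens the output file.
# The umask is set in a subshell so the caller's umask is left unchanged.
# Usage: safe_tar ARCHIVE FILE...
safe_tar() {
    archive=$1
    shift
    ( umask 077; tar cf - "$@" > "$archive" )
}

# Demo on a constructed tree: run this script with the argument "demo".
demo() {
    tree=$(mktemp -d) || return 1
    touch "$tree/tar.archive" "$tree/notes" "$tree/shared" "$tree/private"
    chmod 666 "$tree/tar.archive"   # the mode shown in the post
    chmod 644 "$tree/notes"
    chmod 664 "$tree/shared"
    chmod 600 "$tree/private"
    echo "flagged:"
    find_loose_files "$tree"
    echo "fixed:"
    tighten_loose_files "$tree"
    rm -rf "$tree"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```
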