Package: python-daemon
Version: 1.5.5-1
Severity: minor

As reported by Michael Hrivnak <mhriv...@redhat.com>, the default umask of 0 is insecure for processes; files created will be world-readable and world-writable by default.

The standard procedure for creating a Unix daemon entails setting the process's umask to 0, leaving it to the program to choose a specific umask to suit its purpose. This default is known to be insecure, but the security impact is not mentioned in the ‘python-daemon’ documentation.

Please add a note in the API documentation for the ‘umask’ option, alerting the user to choose a specific secure umask value.

-- 
 \     “If you're a young Mafia gangster out on your first date, I bet |
  `\        it's real embarrassing if someone tries to kill you.” —Jack |
_o__)                                                            Handey |
Ben Finney <b...@benfinney.id.au>
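
The effect described in the report can be measured directly. The following is an added example, not part of the original message and not code from python-daemon: it uses only the standard library to create a file and a directory under a given umask and report the resulting permission bits. The names `state.dat` and `spool` and the helper functions are assumptions made for illustration.

```python
import os
import stat
import tempfile


def modes_under_umask(mask):
    """Create a file and a directory under `mask`; return their permission bits."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as base:
            fpath = os.path.join(base, "state.dat")  # constructed sample name
            dpath = os.path.join(base, "spool")      # constructed sample name
            # open() asks for 0o666 and mkdir() for 0o777; the kernel then
            # clears every bit that is set in the process umask.
            with open(fpath, "w") as fh:
                fh.write("x")
            os.mkdir(dpath)
            return (os.stat(fpath).st_mode & 0o777,
                    os.stat(dpath).st_mode & 0o777)
    finally:
        os.umask(old)  # always restore the caller's umask


def world_accessible(mode):
    """True if 'other' users can read or write an object with this mode."""
    return bool(mode & (stat.S_IROTH | stat.S_IWOTH))


def current_umask():
    """Read the process umask (it can only be read by setting it)."""
    mask = os.umask(0o077)
    os.umask(mask)
    return mask


def report(masks=(0o000, 0o022, 0o027, 0o077)):
    """Return (mask, file_mode, dir_mode, exposed) for each candidate umask."""
    rows = []
    for mask in masks:
        fmode, dmode = modes_under_umask(mask)
        rows.append((mask, fmode, dmode, world_accessible(fmode)))
    return rows


if __name__ == "__main__":
    for mask, fmode, dmode, exposed in report():
        print(f"umask {mask:04o}: file {fmode:04o} dir {dmode:04o} "
              f"{'world-accessible' if exposed else 'restricted'}")
```

A daemon can call `current_umask()` after detaching and refuse to create state files while the value is still 0.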