Changes between Initial Version and Version 1 of Ticket #12373, comment 12


Ignore:
Timestamp:
Sep 17, 2015, 9:03:25 AM (9 years ago)
Author:
ttcoder

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #12373, comment 12

    initial v1  
    2626If you look at OpenSSH for example, it's software that has a very precise idea of what each file's permission should be: the private RSA keys ''must not'' be group-readable and world-readable, regardless of the umask. They likely have parts of their makefiles or build scripts that hardcode access to certain files in their "packages", simply because in some cases those permissions serve a different purpose than umask (which serves a purpose for day-to-day tasks, creating new files, not building packages or operating systems). Other examples include executables that are "special", like `su`, with the 's' bit to "inherit-root-privileges" (or conversely, "do *not* inherit privileges"). If their makefiles/jamfiles relied on the umask to get the correct right that would be a security risk. Rights are (rightly) hardcoded for these. Deviations from these hard-codings should be like changing the source code in .cpp files : something to do for tinkerers and tweakers, not left to such general states as the general umask IMHO. Might be missing something though, as my perspective is colored by my being an app developer, not an OS developer..
    2727
     28EDIT: the most use of umask I could imagine, and even that is a stretch, is if the configure script had a smartty-pants detector that went, "I see that you are about to build Haiku from a machine that has such and such umask, do you want to create the Haiku build with an /etc/profile that invokes the umask command with that same value?". -- But even that is a stretch of an enhancement: if somebody wants to build a Haiku image with a customized umask in said image's /etc/profile, there are better ways to do that.. But yea, the generated /etc/profile is the most I can imagine having to do with the umask, the system files should be the responsibility of the build system IMHO.
    2829