Package: base-files
Version: 10.3+deb10u8
Severity: normal
In /usr/share/base-files/dot.bashrc (which is copied to /root/.bashrc
at package installation) the umask command is commented out, with this
explanation:
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
That's not true anymore: umask is not set in /usr/share/base-files/profile
(copied to /etc/profile) or in /usr/share/base-files/dot.profile (copied
to /root/.profile).
As a result, umask for the superuser is never set explicitly, just
inherited, perhaps from an unprivileged shell. Which can have unpleasant
effects:
$ id -u
1000
$ umask
0027
$ su -
Password:
# id -u
0
# umask
0027
# dpkg-reconfigure pkg-that-updates-some-index-supposed-world-readable
It's a corner case, limited to users that change their umask from the
default value, but you know, "the road to hell is paved with default
values".
Best regards,
g.b.
-- System Information:
Debian Release: 10.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages base-files depends on:
ii gawk [awk] 1:4.2.1+dfsg-1
ii mawk [awk] 1.3.3-17+b3
ii original-awk [awk] 2012-12-20-6
base-files recommends no packages.
base-files suggests no packages.
-- no debconf information
