Foreman » Smart Proxy

The proxy daemon runs with a umask of 0:

(gdb) call umask(0)
$1 = 0

The files and directories it creates all have world-writable bits set, which is dangerous:

-rw-rw-rw-. 1 foreman-proxy foreman-proxy 104 Nov  7 14:51 /var/log/foreman-proxy/access.log
drwxrwxrwx. 2 foreman-proxy foreman-proxy     4096 Oct 28 22:07 /var/lib/tftpboot/boot
-rw-rw-rw-. 1 foreman-proxy foreman-proxy 24337760 May 22 20:55 /var/lib/tftpboot/boot/Fedora-17-x86_64-initrd.img
-rw-rw-rw-. 1 foreman-proxy foreman-proxy  4662160 May  7  2012 /var/lib/tftpboot/boot/Fedora-17-x86_64-vmlinuz
drwxrwxrwx. 2 foreman-proxy foreman-proxy     4096 Oct 28 22:34 /var/lib/tftpboot/pxelinux.cfg
-rw-rw-rw-. 1 foreman-proxy foreman-proxy      161 Oct 28 21:19 /var/lib/tftpboot/pxelinux.cfg/default