Wrapper around umask when it's part of the shell and not a binary.

I was looking to place a wrapper around the umask command, trying to understand why Rapid7 and other security scanners keep telling us the UMASK is set to 0022 when we've set environmental variables to be 0077. After removing the binary (/usr/bin/umask) I can still run the "umask" command:

[root@hostname ~]# which umask
/bin/umask
[root@hostname ~]# rm /bin/umask
rm: remove regular file ‘/bin/umask’? y
[root@hostname ~]# which umask
/usr/bin/which: no umask in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
[root@hostname ~]# umask
0077
[root@hostname ~]#

I've tried strace and some other things, but since there is no binary file, everything just ends with "file not found".

So is there any way to place a wrapper around the built-in shell "umask" command?

Please note that /bin is a symlink to /usr/bin, so no one jump me for not "deleting the binary". :)
Also, yes, I'm logged on as root.
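
The session above shows "umask" still answering after the file is removed because the shell resolves it as a builtin. As an added example (not part of the original post), a shell function can wrap the builtin and log every call that passes arguments; the UMASK_AUDIT_LOG variable, its default path and the _um_* names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit wrapper for the umask builtin (POSIX sh, also valid in bash).
# UMASK_AUDIT_LOG is an assumed variable name, not a standard setting.
UMASK_AUDIT_LOG="${UMASK_AUDIT_LOG:-/tmp/umask-audit.$$.log}"

# A shell function is looked up before a builtin of the same name, so every
# plain "umask" call in this shell, and in files it sources, lands here.
umask() {
    _um_old=$(command umask)               # mask before the call
    _um_rc=0
    # "command" skips function lookup and runs the real builtin in this process.
    command umask "$@" || _um_rc=$?
    _um_new=$(command umask)               # mask after the call
    # Log calls that carry arguments; a bare "umask" query passes through silently.
    if [ "$#" -gt 0 ]; then
        printf '%s pid=%s shell=%s args=%s old=%s new=%s rc=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$$" "$0" "$*" \
            "$_um_old" "$_um_new" "$_um_rc" >> "$UMASK_AUDIT_LOG"
    fi
    return "$_um_rc"
}
```

The wrapper only sees calls made by shells that have sourced it (for example from a file under /etc/profile.d/). Processes that set their mask directly through the umask(2) system call never pass through it.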

Responses