Skip to content

Bug: setup.sh continues even if creating ~/archivebox/data fails, causing chown of contents of dir the script is run from #1584

@1over137

Description

@1over137

Not a security vulnerability (at least in a way I can think of)
I assume I'm just very unlucky today and I triggered a somewhat dangerous bug in https://github.com/ArchiveBox/ArchiveBox/blob/dev/bin/setup.sh.

Preconditions

  • No docker-compose binary (N.B. I don't think this binary is shipped anymore, so that detection will never pass, you might want to consider changing this)
  • Having already previously manually ran a command like this, which initializes a archivebox data folder:

docker run -v ~/archivebox:/data -it -d -p 8000:8000 --name=archivebox archivebox/archivebox:latest init --setup

Notice that this chown's ~/archivebox, resulting in permission denied if you try to cd in it. This sets the stage for the bug.

Bug

Going through setup.sh, starting at line 52

mkdir -p ~/archivebox/data

This fails, but the script continues.
cd ~/archivebox

This fails, but the script keeps running. We are still in the user's home!
cd ./data

This fails, but the script keeps running. We are still in the user's home!
docker run -v "$PWD":/data -it --rm archivebox/archivebox:latest init --setup

This fails because it will refuse to init if folder is non-empty. We are still in the user's home!
docker run -v "$PWD":/data -it -d -p 8000:8000 --name=archivebox archivebox/archivebox:latest

This runs in the user's home. Many files get chown'd to the user ID 911, including the user's home directory itself. This renders the user unable to access his own files, and requires root to recover.

Some general advice

In general, any commands that can possibly fail in a shell script, when it fails unexpectedly (like the first mkdir -p command) should terminate the entire script. You might want to include a die function and use mkdir -p ~/archivebox/data || die, then it would have killed the script instead of letting it keep going.

Reference: https://stackoverflow.com/questions/7868818/in-bash-is-there-an-equivalent-of-die-error-msg

Questions

What does the program do after that command runs besides chown'ing the files? I'm considering recovering from a backup in case it changed any files.

Metadata

Metadata

Assignees

Labels

size: easystatus: doneWork is completed and released (or scheduled to be released in the next version)why: securityIntended to improve ArchiveBox security or data integrity

Type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions