Set file permissions for created files #1842
Conversation
Removed creating icon cache dir as it's done on startup
This isn't a full audit of all places files are created, but it covers most. Intentionally not set them on the image cache, as they're not sensitive.
Does it run only when the file is created, so it could not break read-only file system mounts?
It always happens after files are written, so the write would fail before this would.
This doesn't cover the SQLite DB file. It would probably be much simpler to just
Maybe better to set an umask in the entry file? Since this is only a concern for docker run instances.
I'd say this is still a concern to non-docker users, it's general file permissions. Setting a What I don't know is whether
It will only work within a docker layer. Also, if someone runs it outside of docker, then the application would use the umask of the system or the init/systemd part; same goes for macOS. And, what if I do not want it to have 600, but 664 or 644 or whatever?
I'm not inclined to merge this PR. I still think adding a umask would be the best option here, and this will only add extra overhead.
This approach is likely to miss some points in the code where files are created, and the way the mode is set is inherently racy, which is also very bad if this is really meant as a protection against attacks...
Both of these feel like cleaner solutions, and I think the former would be the "usual" approach to this and how most Linux packages are set up when storing some secrets.
I'm going to close this stale PR. Also, calling the permissions setting during every storage is another IO call, which only slows down, and I like to prevent that.
Fixes #1784
It only works on unix, because that's the only place permissions like this work. It should work fine under docker even if docker isn't run on unix.
This also reuses the existing `write_file` util in a few places which had custom-implemented it.
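The two objections raised in the thread, that a chmod after the write is racy and that a process-wide umask covers every file the code creates without per-call changes, are easy to see side by side on a Unix host. The following is an added example written for this page, not code from the PR or the project, and it assumes nothing about the project's `write_file` helper beyond the write-then-chmod shape described in the comments. It is POSIX-only, like the PR itself: on Windows the mode bits returned by `os.stat` do not carry the same meaning.

```python
import contextlib
import os
import stat
import tempfile


@contextlib.contextmanager
def umask(value: int):
    """Temporarily set the process umask and restore the previous one on exit."""
    old = os.umask(value)
    try:
        yield
    finally:
        os.umask(old)


def mode_of(path: str) -> int:
    """Permission bits of path (for example 0o600) without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def modes_around_chmod(path: str, data: bytes, mask: int = 0o022) -> tuple:
    """Write-then-chmod, the pattern the PR adds (hypothetical shape, not the
    project's code). Returns (mode while the file is being written, mode after
    chmod). The first value is what any other local user sees in the window
    before chmod runs; with the common umask 022 that is 0o644, world-readable."""
    with umask(mask):
        with open(path, "wb") as f:
            f.write(data)
            during = mode_of(path)
    os.chmod(path, 0o600)
    return during, mode_of(path)


def write_private(path: str, data: bytes, mask: int = 0o022) -> int:
    """Create the file already restricted: the mode passed to os.open applies at
    creation, so no other process ever observes a looser mode. O_EXCL makes the
    call fail instead of reusing a pre-existing file or following a planted
    symlink. The umask still applies, but 0o600 has no group/other bits to lose."""
    with umask(mask):
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return mode_of(path)


def write_under_umask(path: str, data: bytes, mask: int) -> int:
    """The alternative the maintainers prefer: set a process-wide umask (for
    example `umask 077` in a container entrypoint or a systemd UMask= setting)
    and leave the write code alone. A plain open() asks for 0o666 and the kernel
    clears the umask bits from it, so every file the process creates is covered,
    including ones the PR did not audit, and the deployer picks the policy."""
    with umask(mask):
        with open(path, "wb") as f:
            f.write(data)
    return mode_of(path)


def demo() -> dict:
    """Run the three variants on a constructed file in a scratch directory and
    return a name -> mode mapping so the outcomes can be checked."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "secret.txt")
        results["chmod_after_write"] = modes_around_chmod(p, b"constructed secret")
        os.unlink(p)
        results["create_with_mode"] = write_private(p, b"constructed secret")
        os.unlink(p)
        results["umask_077"] = write_under_umask(p, b"constructed secret", 0o077)
        os.unlink(p)
        results["umask_022"] = write_under_umask(p, b"constructed secret", 0o022)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        shown = tuple(oct(m) for m in value) if isinstance(value, tuple) else oct(value)
        print(f"{name}: {shown}")
```

The first result is the point of the "inherently racy" comment: the file spends the whole write with the umask-derived mode and only becomes private at the final chmod. Creating it with the mode up front (or, for code that cannot be changed per call, running the whole process under a restrictive umask) closes that window, and the umask approach also answers the "664 or 644 or whatever" objection, since the operator chooses the mask rather than the code hard-coding 600.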