Duplicati file permissions on Linux reveals sftp passwords to all #3278
Comments
The clear text password in the above screenshot has been whited out. |
I'm using sftp and this bothered me too. When using an ssh keyfile for login, you can easily avoid this problem. |
First issue: If a user is not aware of the issue, they wouldn't know to move to using an ssh keyfile. Second issue: My target is a Synology NAS. There is no way to set up the use of ssh keyfiles via their GUI. While I can log in to the NAS to set up a keyfile, Synology's security mechanisms will interfere with this when rebooted. In any case, a user sophisticated enough to set up an ssh keyfile login would - once aware of the issue - just manually change the access permissions for duplicati's directories and files. The goal of this request is for users to not need to be informed of this in order that they then manually fix this. A default installation/average use of duplicati should protect users from being vulnerable to a major security breach. |
This should be fixed, not only because of sftp passwords, but more generally because of sensitive data these sqlite files contain. On Windows it's probably the same as described above. Edit: Apparently on Windows the database is encrypted though with a default password. |
Why isn't the database encrypted on Linux? |
@digulla comment in Program.cs:543 --
|
Thanks for clearing that up. |
Closing this in favor of #2024, which discusses utilizing the system keychain if available. |
Environment info
Description
By default, on most Linux systems, file permissions include everyone having read access to everyone's files. E.g., the default umask on many distributions (including openSUSE) is 0022, allowing group and others all permissions except write.
This is a particular problem with .config/Duplicati/Duplicati-server.sqlite, since it contains - in clear text - my sftp password - which is also my login password on the target system.
The permissions for .config/Duplicati/ and for all duplicati files should explicitly be set by installation and/or on execution of all duplicati programs to deny read, write and execute/browse permissions to group and other, only allowing the owner access to the directories and files.
Steps to reproduce
Anyone can open anyone's Duplicati-server.sqlite file and view stored passwords - with passphrase record in clear text. They can also modify any records desired, changing options or corrupting the database.
Unable to open anyone's duplicati files except their own. Duplicati installation and/or program execution should explicitly set directory and file permissions to protect files from other users.
Screenshots
Debug log
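The permission check and manual fix discussed in this issue, as an added example that is not part of the original report or Duplicati's code: it lists entries readable by group or other, strips that access, and shows that a umask of 077 keeps newly created files private. The demo directory is constructed, and `audit_perms`, `harden_perms` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not Duplicati code. The demo directory below is constructed;
# the issue names ~/.config/Duplicati/ as the real location to check.

# Print every file or directory under $1 that grants any permission to
# group or other. Symlinks are skipped: their own mode bits are not
# meaningful on Linux and would show up as false positives.
audit_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all group/other access below $1, leaving the owner's bits untouched.
harden_perms() {
    chmod -R go-rwx "$1"
}

# Walk through the before/after state on a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    (
        umask 022    # the common default described in the issue
        mkdir -p "$d/Duplicati"
        : > "$d/Duplicati/Duplicati-server.sqlite"
    )
    echo "before: $(audit_perms "$d/Duplicati" | wc -l) exposed entries"
    harden_perms "$d/Duplicati"
    (
        umask 077    # files created from here on are owner-only
        : > "$d/Duplicati/new-backup.sqlite"
    )
    echo "after:  $(audit_perms "$d/Duplicati" | wc -l) exposed entries"
    rm -rf "$d"
}

demo
```

Tightening the directory alone already blocks other users from reaching the files inside it, but `chmod -R` also covers files that were hard-linked or opened before the change.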