hashfile is world readable #262

Closed
ghen2 opened this issue Mar 1, 2021 · 0 comments · Fixed by #263

ghen2 commented Mar 1, 2021

When duperemove creates a new hashfile, it gets created with the default umask, so typically 0644 or world readable by default.
This poses a security risk, as it contains directory listings and content hashes for files and directories that are otherwise protected by filesystem permissions.

The hashfile should be created with 0600 permissions only. (Ideally the sysadmin should create it in a private directory, but quick invocations will typically just use /tmp or similar.)

lorddoskias added a commit to lorddoskias/duperemove that referenced this issue Mar 2, 2021
The argument was made that since the hashfile contains paths and
content hashes for files and directories that are otherwise protected
by the filesystem permissions. Fix this by explicitly setting the
permissions for a newly created database file to 600.

close markfasheh#262
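
The umask behaviour described in the issue, next to an owner-only creation path, as an added example (not duperemove's code and not the patch from #263). `create_hashfile`, `demo_mode` and the `/tmp/hashfile-demo-XXXXXX` location are hypothetical names, and plain `open()` stands in for the program's own file creation.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path and return its permission bits, or -1 on error.
 * owner_only == 0: request 0666 and let the umask decide (the default case).
 * owner_only != 0: request 0600 and pin it with fchmod(), so the result
 *                  does not depend on the caller's umask. */
static int create_hashfile(const char *path, int owner_only)
{
    struct stat st;
    mode_t mode = owner_only ? (S_IRUSR | S_IWUSR) : 0666;
    /* O_EXCL | O_NOFOLLOW: refuse a pre-existing file or symlink, which
     * matters when the hashfile lives in a shared directory such as /tmp. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;
    if ((owner_only && fchmod(fd, mode) < 0) || fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Create one file under umask 022 inside a fresh mkdtemp() directory
 * (constructed sample location), clean up, and return the file's mode. */
static int demo_mode(int owner_only)
{
    char dir[] = "/tmp/hashfile-demo-XXXXXX";
    char path[64];
    int mode = -1;
    mode_t old = umask(022);
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof(path), "%s/test.hash", dir);
        mode = create_hashfile(path, owner_only);
        unlink(path);
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void)
{
    printf("umask 022 default: %04o, owner-only: %04o\n",
           (unsigned)demo_mode(0), (unsigned)demo_mode(1));
    return 0;
}
```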