Ensure we have right perms on saveconfig #172
Conversation
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
targetcli/ui_root.py
| finally: | ||
| os.umask(umask_original) | ||
| else: | ||
| if (os.stat(backup_dir).st_mode & 0o777) != mode: |
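Review bot: the check at `if (os.stat(backup_dir).st_mode & 0o777) != mode:` compares permission bits only, so a backup_dir owned by a non-root user with the expected mode passes even though that user can chmod it back at any time; consider also verifying ownership (st_uid == 0) before trusting the directory. Note as well that os.stat follows symlinks, so if backup_dir is a symlink the mode examined (and later rewritten) is that of the link target, not the path the admin configured; os.lstat plus an explicit S_ISDIR check avoids acting on a redirected directory.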
This will prevent the root user from changing the dir's permissions (targetcli will overwrite them). Probably no one really cares, but maybe we should let the install scripts take care of that?
The saveconfig.json file will always be created 0600, every time.
So there is no point; even if the admin sets 0644 or even the wider 777 on /etc/target, users cannot open saveconfig.json.
Tested, looks ok to me
Hi, looking through the CVE feed from MITRE, this issue seems to have been assigned CVE-2020-13867.
Note: the fix for this issue caused another issue: now targetcli always changes the directory where config files are saved to 0600, even if it is not /etc/target (e.g. /tmp, /dev, /etc). See #198
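As an added example (written for this thread, not targetcli's own code; the function names and the `managed_dir` argument are hypothetical), the following shows the two points discussed above: creating the config file 0600 regardless of the process umask, and tightening the config directory's bits only when it is the tool's own directory, so that a save into a shared location such as /tmp or /etc does not get its mode rewritten.

```python
import os
import stat
import tempfile


def write_private_file(path, data, mode=0o600):
    """Write data to path so the file ends up with exactly `mode`, whatever the
    process umask is.  The mode given to os.open applies only when the file is
    created (and umask can clear bits, never add them), so an already-existing,
    wider file is tightened with fchmod on the open descriptor.  O_NOFOLLOW
    refuses a symlink planted at path.  Returns the resulting permission bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, mode)
    try:
        os.fchmod(fd, mode)
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.lstat(path).st_mode)


def ensure_private_dir(dirpath, managed_dir, mode=0o700):
    """Tighten the permission bits of dirpath to `mode`, but only when it is the
    directory this tool owns (managed_dir, e.g. /etc/target).  Saving into any
    other directory leaves that directory's bits alone.  Symlinks and
    non-directories are rejected rather than followed.  Returns (mode_now, changed)."""
    st = os.lstat(dirpath)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise OSError("%s is not a plain directory" % dirpath)
    current = stat.S_IMODE(st.st_mode)
    if os.path.realpath(dirpath) != os.path.realpath(managed_dir):
        return current, False          # not ours: do not touch /tmp, /etc, ...
    if current == mode:
        return current, False
    os.chmod(dirpath, mode)
    return mode, True


def demo():
    """Exercise both helpers in a scratch directory under a permissive umask.
    All paths and contents here are constructed for the demonstration."""
    results = {}
    old_umask = os.umask(0o022)        # the usual default: would give 0644 / 0755
    try:
        with tempfile.TemporaryDirectory() as tmp:
            cfg = os.path.join(tmp, "saveconfig.json")
            # fresh file: created 0600 despite umask 022
            results["new_file"] = write_private_file(cfg, b'{"storage_objects": []}\n')
            # admin widened it by hand; the next save tightens it again
            os.chmod(cfg, 0o644)
            results["rewritten_file"] = write_private_file(cfg, b"{}\n")
            # the managed directory is tightened when too wide
            os.chmod(tmp, 0o755)
            results["managed_dir"] = ensure_private_dir(tmp, tmp)
            # an unrelated directory keeps its mode (the #198 situation)
            other = os.path.join(tmp, "elsewhere")
            os.mkdir(other, 0o755)
            os.chmod(other, 0o755)
            results["unmanaged_dir"] = ensure_private_dir(other, tmp)
    finally:
        os.umask(old_umask)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, tuple) else oct(value))
```

The file path is the one that actually matters for confidentiality: with the file itself at 0600, the directory bits only control listing and creation, which is why the helper refuses to rewrite the mode of any directory other than the one the tool is responsible for.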
Ensure to :