FTL database shouldn't be readable by unprivileged users #5569
Comments
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Still relevant
Thanks for your suggestion and sorry for the huge delay. I will make sure to submit this as a change into the currently running public Pi-hole v6.0 beta round.
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Apparently the never-stale label does not work here... changed to a known working one for now
Note about the
pi-hole/.github/workflows/stale.yml Line 27 in 5490a6e
There is a different workflow for PRs. That workflow has a different set of labels and includes pi-hole/.github/workflows/stale_pr.yml Line 31 in 5490a6e
Somewhat related: Could it be a solution to make the files in https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1923
Expected behavior
FTL database is private.
Actual behavior / bug
Any user on the system can read the database and gather information about pihole usage patterns, domains visited, etc.
Steps to reproduce
Observe that the database at /etc/pihole/pihole-FTL.db has -rw-rw-r-- permissions.
pi-hole/advanced/Templates/pihole-FTL-prestart.sh, Line 27 in 19bfa08
Additional context
DNS logs are already configured with -rw-r----- but the database contains a lot more data and for a longer timespan.
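Added example (not part of the original issue or of the Pi-hole code base): a shell check for the condition reported above, flagging files whose "other" read bit is set and tightening them. The function names are hypothetical, and the 0640 target mode is an assumption chosen to match the -rw-r----- mode the issue quotes for the DNS logs; the project's own fix may use a different mode or ownership.

```shell
#!/bin/sh
# Added example: audit files for the "other" read bit (the -rw-rw-r-- case
# from the issue) and tighten them to -rw-r----- (assumed target mode).

# Succeeds if the file's mode has the o+r bit set.
# find -perm inspects the mode bits themselves, so the result is the same
# whether the check is run as root or as an unprivileged user.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print one "world-readable: <path>" line for every argument that exists
# and is readable by "other". Missing paths are skipped silently.
audit_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        if is_world_readable "$f"; then
            echo "world-readable: $f"
        fi
    done
    return 0
}

# Drop group write and all "other" access, leaving -rw-r-----.
harden_file() {
    chmod 0640 "$1"
}

# Stand-alone use: audit the paths given on the command line, for example
#   sh audit.sh /etc/pihole/pihole-FTL.db
if [ "$#" -gt 0 ]; then
    audit_files "$@"
fi
```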