New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure File.open applies default umask on gem extract #7300
Conversation
27cccf6
to
aa21cbb
Compare
aa21cbb
to
388fb83
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me!
The only thing intentionally being reverted is 3211b16. I agree it's best to respect umask by default, and I would treat this as a security fix, but let me ask @nobu in case there was some reason we are missing for that change.
@nobu Is it ok for us to revert 3211b16? Do you remember of any issues with the default umask being respected? Perhaps it was just for consistency with it not being respected in other places?
@deivid-rodriguez @nobu If there's a problem with this PR, #7299 would be the right one to switch to, with maybe an intentional Is there a test we could add? |
mmm so in few words, #7299 is more backwards compatible (defining that by our existing tests) but less secure? |
Yes. On my system #7299 doesn't clear setuid/setgid bits on files. Allowing File.open to do its default clears those bits. This implies that |
Thanks for explaining. Are you comfortable then with shipping this as a security fix? I think I am. |
I prefer this version, but there's an untested implied behavior in the original commit by @nobu that may mean some gems on some systems don't get their 0700 set. (Edit: I take that back, the chmod will set to prog_mode or 0755 no matter what. I'm not sure about the 0700...) |
I see. Let's wait for @nobu's feedback then. |
This change break some of our CI https://app.travis-ci.com/github/ruby/ruby/jobs/615527743 |
This is an alternate to #7299
What was the end-user or developer problem that led to this PR?
Global and group write permissions are possible in gems.
What is your fix for the problem, implemented in this PR?
Allow File.open to handle applying the default umask.
Non-backwards-compatible change: This drops previously tested persistence of extended file modes.
Make sure the following tasks are checked