[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2535: Magic Folder: permissions of downloaded files are not set according to the user's umask
Tahoe-LAFS
trac at tahoe-lafs.org
Mon Jan 4 13:43:14 UTC 2016
--------------------------------------------------------------------------
Reporter: dawuud
Owner: daira
Type: defect
Status: closed
Priority: normal
Milestone: undecided
Component: code-frontend-magic-folder
Version: 1.10.1
Resolution: fixed
Keywords: magic-folder permissions security usability unix docs-needed
Launchpad Bug:
--------------------------------------------------------------------------
Comment (by daira):
The current approach is undesirable because the `os.umask` in the finally
block could fail, leaving an unsafe umask for the whole node process.
Using `os.open` with a mode argument wouldn't work because the umask
specified by twistd (0077) would still be masked off, both when creating
the file and when creating any ancestor directories that do not already
exist. It appears that the only safe way for a Unix process to atomically
set an arbitrary umask when creating a file, without setting its own
process-wide umask, is to create a subprocess that will have the desired
umask.

Here, we don't need atomicity for setting the umask of the replacement
file, so we could use `chmod` to relax the permissions from the ones that
result from the twistd umask. However, we would also need to chmod any
created directories. Reopening as a reminder to change it to use this
method.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2535#comment:20>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
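
The chmod approach described in the comment above, as an added example (not Tahoe-LAFS code and not part of the original message). The function name `create_relaxed` and passing the user's umask in as a parameter are assumptions; the message does not say how the node obtains the user's umask.

```python
import os
import stat
import tempfile


def create_relaxed(path, data, user_umask):
    """Create `path` (and any missing ancestor directories) with owner-only
    permissions, then chmod each newly created object to the mode the user's
    umask would have produced. The process-wide umask is never touched.
    Returns the list of directories that were created."""
    dir_mode = 0o777 & ~user_umask
    file_mode = 0o666 & ~user_umask

    # Collect the ancestors that do not exist yet, shallowest first.
    missing = []
    parent = os.path.dirname(os.path.abspath(path))
    while not os.path.isdir(parent):
        missing.insert(0, parent)
        parent = os.path.dirname(parent)

    for d in missing:
        os.mkdir(d, 0o700)      # restrictive first ...
        os.chmod(d, dir_mode)   # ... then relaxed; pre-existing dirs are left alone

    # O_EXCL refuses to reuse a file that already exists at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        os.fchmod(f.fileno(), file_mode)   # chmod is not filtered by the umask
    return missing


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(user_umask=0o022):
    """Constructed scenario: pre-existing 0700 root, two missing ancestors."""
    with tempfile.TemporaryDirectory() as root:   # mkdtemp creates it 0700
        target = os.path.join(root, "a", "b", "file.txt")
        created = create_relaxed(target, b"constructed sample data\n", user_umask)
        return {
            "root": mode_of(root),
            "dirs": [mode_of(d) for d in created],
            "file": mode_of(target),
        }


if __name__ == "__main__":
    print({k: v for k, v in demo().items()})
```

Because each object starts owner-only and is only ever widened, the window between creation and `chmod` errs on the restrictive side.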