arkade icon indicating copy to clipboard operation
arkade copied to clipboard

Published 20 hours ago verified publisher icon alexellis

Check for temp directory write permission before downloading binary

Open yankeexe opened this issue 3 years ago • 9 comments

Check if the user has permission to write to $TMPDIR before downloading binary. Else the following issue occurs:

$~ arkade get inletsctl
Downloading inletsctl
https://github.com/inlets/inletsctl/releases/download/0.8.2/inletsctl.tgz
Error: check with the vendor whether this tool is available for your system: open /tmp/inletsctl.tgz: permission denied

Expected Behaviour

If the user running arkade does not have permission to write to $TMPDIR, show error messaging stating such.

Current Behaviour

Shows Binary Download prompt and fails on accessing $TMPDIR to store binary.

Are you a GitHub Sponsor (Yes/No?)

Check at https://github.com/sponsors/alexellis

  • [ ] Yes
  • [x] No

Possible Solution

Check for writable permission to $TMPDIR before downloading the binary

tmp := os.TMPDIR()

info, err := os.Stat(tmp)
if err != nil {
panic(err)
}
     
permission := info.Mode().Perm()

Steps to Reproduce (for bugs)

  1. Create any random directory: mkdir test-temp
  2. Change directory mod to 100: chmod 100 test-temp
  3. Make it the default temp directory: export TMPDIR=<absolute-path-to-'test-temp'-directory>
  4. Run arkade get <any-binary>

Your Environment

  • Operating System and version (e.g. Linux, Windows, MacOS):
Linux  5.10.56-1  x86_64 GNU/Linux
  • What arkade version is this?
0.7.25

yankeexe avatar Aug 14 '21 02:08 yankeexe

/add label: proposal

yankeexe avatar Aug 14 '21 02:08 yankeexe

@alexellis Can you please take a look at this? :slightly_smiling_face:

yankeexe avatar Aug 14 '21 02:08 yankeexe

Sounds good to me, do you want to try it out in a PR?

alexellis avatar Aug 18 '21 11:08 alexellis

@alexellis I will create a draft PR

yankeexe avatar Aug 18 '21 23:08 yankeexe

Thanks @yankeexe, no need to make it a draft however.

alexellis avatar Aug 27 '21 10:08 alexellis

I can open this as a new bug if needed, but seeing as it's closely related to this issue...

arkade should use a temporary 'tempdir' when downloading, rather than writing to the root $TMPDIR. Otherwise there may be issues if there are equivalent files already present - either being unable to write that file, or accidentally overwriting an existing file.

E.g (when running arkade as non-root user):

sudo touch /tmp/kubectl
arkade get kubectl
Error: open /tmp/kubectl: permission denied

Or in reverse:

$ echo "Some text" >/tmp/kubectl
$ file /tmp/kubectl
/tmp/kubectl: ASCII text

$ sudo arkade get kubectl
$ file /tmp/kubectl
/tmp/kubectl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped

mrichar1 avatar Jan 23 '23 10:01 mrichar1

Hi @mrichar1

I've seen this a few times when I've put my own files into /tmp that conflict on name.

A unique tempdir name would get around that, I don't have a problem with you sending a PR.

What brought you here? Did you run into this issue yourself?

Alex

alexellis avatar Jan 24 '23 07:01 alexellis

Yes - I hit this when switching from running as root to running non-root, and was looking through existing issues to see if it had already been reported. Happy to have a go at drafting a separate PR for this.

mrichar1 avatar Jan 24 '23 11:01 mrichar1

Thanks a PR would be great @mrichar1

alexellis avatar Jan 24 '23 11:01 alexellis