wormhole-william
Set stricter directory permissions
Directory transfer of the transit protocol uses the zip format internally to transfer a bunch of files/directories from the sender to the recipient. The recipient creates the destination directory and unzips the zip file to recreate the directory that was sent by the sender. This process is transparent to the user.
This PR addresses two issues:
- wormhole-william is using `0777` for directory permissions at the creation time. This seems excessive. I believe this was discussed in the past, but I can't find the right issue at the moment. We set it to a stricter `0700`.
- For a wormhole-william to wormhole-william transfer on Un*x based systems (macOS, GNU/Linux), the file permissions on the sender side are restored at the recipient side as well. The sender is already sending the permission bits in the attributes field of the zip file entry. These bits are restored upon receive.
We've had some discussion about file permission bits in the past here: https://github.com/psanford/wormhole-william/pull/33#issuecomment-792350206.
The current code sets the permission to 0777 so that we respect the user's umask. This allows users to set their permissions to be as restrictive or permissive as they are comfortable with. We likewise do the same thing implicitly with the creation of files in those directories.
I believe this matches the behavior of the python magic-wormhole implementation.
> The current code sets the permission to 0777 so that we respect the user's umask. This allows users to set their permissions to be as restrictive or permissive as they are comfortable with. We likewise do the same thing implicitly with the creation of files in those directories.
The reason for choosing `0700` is to have a more paranoid approach to privacy. I understand the idea of respecting user's `umask`. Since `umask` only makes the given permissions stricter, in my humble opinion, choosing a more secure default would not do any harm.
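
The umask interaction debated in this thread, as an added example (not code from this PR or from wormhole-william): it creates a directory with each requested mode under several umasks and reports the permission bits actually applied. `effectiveDirMode` is a hypothetical helper and the sample umask values are constructed; it calls `syscall.Umask`, so it assumes a Unix-like system.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// effectiveDirMode creates a directory with the requested mode while the
// given umask is in force and returns the permission bits that resulted.
// Hypothetical helper for illustration; not part of wormhole-william.
func effectiveDirMode(requested os.FileMode, umask int) (os.FileMode, error) {
	base, err := os.MkdirTemp("", "perm-demo")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(base)

	old := syscall.Umask(umask) // process-wide setting, restored on return
	defer syscall.Umask(old)

	dir := filepath.Join(base, "received")
	if err := os.Mkdir(dir, requested); err != nil {
		return 0, err
	}
	info, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

func main() {
	// Constructed sample umasks: none, a common default, and a private one.
	for _, um := range []int{0o000, 0o022, 0o077} {
		for _, req := range []os.FileMode{0o777, 0o700} {
			got, err := effectiveDirMode(req, um)
			if err != nil {
				fmt.Println("error:", err)
				return
			}
			fmt.Printf("umask %03o, requested %04o -> created %04o\n", um, req, got)
		}
	}
}
```

With a umask of `022` the `0777` request yields a group- and world-readable `0755` directory, while the `0700` request stays `0700`; only a umask of `077` makes the two requests equivalent.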