rpi-imager icon indicating copy to clipboard operation
rpi-imager copied to clipboard

Published 20 hours ago verified publisher icon raspberrypi

imagewriter: Force permissions on settings to 600

Open tdewey-rpi opened this issue 1 year ago • 6 comments

Use this mechanism to replace an older scheme that fully read and then fully wrote the file.

Resolves #770

tdewey-rpi avatar Jan 05 '24 15:01 tdewey-rpi

Upon information and belief QSettings does not create any file on disk until you either call sync() or the QSettings object is destructed.

You are now correcting permission on Imager's start (ImageWriter's constructor), if the .conf file exists at that time.

So let's imagine that I have never used Imager before (so .conf does not exist yet), use it to write the single SD card I have, and then won't be using Imager for a while. What permissions will the .conf in my home directory after using Imager that only time have?

Also be aware that on Windows the fileName() returned will be a registry key. While you are probably saved by your file existence check, you may wish to #ifndef Q_OS_WIN the code just in case.

maxnet avatar Jan 05 '24 16:01 maxnet

A fair comment - and I'll see if we can compel QSettings into creating a file with the appropriate permissions.

tdewey-rpi avatar Jan 05 '24 16:01 tdewey-rpi

A fair comment - and I'll see if we can compel QSettings into creating a file with the appropriate permissions.

Think that it is not doing that, may actually be a long term Qt bug.

https://github.com/qt/qtbase/blob/dev/src/corelib/io/qsettings.cpp#L1509-L1513

Don't think the "fileInfo.permissions() |" part is supposed to be there. But getting such things fixed upstream may be problematic. Change in behavior, etc.

maxnet avatar Jan 05 '24 16:01 maxnet

Agreed - this looks like an upstream issue. I've just had a test of the scenario you describe - and sure enough after a sync() we get a 644 file.

The only comprehensive fix I can see with the QSettings API is to register our own read & write functions, and then re-implement the body of the QSettings file reader and writer. Deeply undesirable, but might be the only way to coerce it into doing the right thing.

https://doc.qt.io/qt-6/qsettings.html#registerFormat

tdewey-rpi avatar Jan 05 '24 16:01 tdewey-rpi

Chances are you may also be able to (ab)use the umask() syscall to change default file creation mode.

As in put somewhere at the top of main()

#ifdef Q_OS_LINUX
   /* set umask to octal 077 resulting in files being created rw------- by default */
   umask(0077);
#endif

maxnet avatar Jan 05 '24 17:01 maxnet

@cillian64 If you have bandwidth, might be worth looking at this horror as mentioned earlier. Ignoring that it's a TOC/TOU problem, in the near-term we can probably address it by bunding a setPermissions(...) call on the back of every flush().

tdewey-rpi avatar Jan 08 '24 14:01 tdewey-rpi