
Allow the system owner to specify the key owner

Open samnissen opened this issue 5 years ago • 2 comments

Fixes #139

I tried to write a test for this, but cannot reliably change the file ownership.

```ruby
require 'etc'
require 'fileutils'

it 'raises an exception when the file is owned by others' do
  # Make the key files writable, then write a key as the current user.
  FileUtils.chmod 0o777, Dir.glob("#{the_test_path}/*")
  keystore.write('TEST')

  # Pick the first account in the password database that is not the login user.
  user = nil
  Etc.passwd { |u| break user = u unless Etc.getlogin == u.name }
  username = user.name
  groupname = Etc.getgrgid(user.gid.to_i).name

  # Hand the key files to that other user (requires privileges the test
  # process normally does not have, hence the EPERM below) and lock them down.
  FileUtils.chown username, groupname, Dir.glob("#{the_test_path}/*")
  FileUtils.chmod 0o600, Dir.glob("#{the_test_path}/*")
  assert_raises { keystore.read }
end
```

causes:

```
  1) Error:
SymmetricEncryption::Keystore::File::#write, #read#test_0003_raises an exception when the file is owned by others:
Errno::EPERM: Operation not permitted @ apply2files - tmp/keystore/file_test/tester.key.1574679581
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1329:in `chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1329:in `chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1046:in `block in chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1045:in `each'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1045:in `chown'
    /Users/samuel.nissen/Development/symmetric-encryption/test/keystore/file_test.rb:106:in `block (3 levels) in <class:FileTest>'
```

samnissen avatar Nov 25 '19 11:11 samnissen

The problem with this solution is that it still ties the ownership check to a single user account. In our environment we find that Rails is run by multiple different users depending on whether the app is being deployed, served, or run in the console. So I see two possible solutions:

  1. Allow the ownership check to be bypassed altogether
  2. Match the keyfile's group to one of the groups of the process ID's login

ablock avatar Dec 25 '21 15:12 ablock

Yes, this specific check to ensure that the file is owned by the current user has caused difficulties for anyone not running under that scenario. Works for most, but there are legitimate cases where bypassing this check would be reasonable.

How about a config option that will tell it to ignore this file ownership check?

Something like:

```ruby
SymmetricEncryption.skip_ownership_check!
```

reidmorrison avatar Dec 31 '21 18:12 reidmorrison
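Added example, not code from the symmetric-encryption gem: the two relaxations proposed in this thread (ablock's group match and reidmorrison's skip option) written as an explicit policy on a hypothetical `KeyfileGuard.check!`, which keeps enforcing 0600-style permissions whatever the ownership policy. The module, method and policy names are assumptions.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical guard (not the gem's code): the "owner must be the current user"
# rule expressed as a policy. :owner is the strict check, :group accepts a key
# file whose group is one of the process's groups, :skip drops the owner test.
# Group/world permission bits are rejected under every policy, so relaxing
# *who owns* the file never relaxes *who can read* it.
module KeyfileGuard
  class OwnershipError < StandardError; end

  def self.check!(path, policy: :owner)
    stat = File.stat(path)
    mode = stat.mode & 0o777
    raise OwnershipError, format('%s is mode %04o, expected 0600', path, mode) if mode & 0o077 != 0
    case policy
    when :owner
      raise OwnershipError, "#{path} owned by uid #{stat.uid}, not #{Process.euid}" unless stat.uid == Process.euid
    when :group
      allowed = Process.groups.include?(stat.gid) || stat.gid == Process.egid
      raise OwnershipError, "#{path} gid #{stat.gid} is not a group of this process" unless allowed
    when :skip
      nil # no ownership assertion; permissions were still checked above
    else
      raise ArgumentError, "unknown policy #{policy.inspect}"
    end
    :ok
  end
end

# Constructed demo: write a key file as the current user, set its mode, and
# report :ok or :rejected for the given policy.
def demo(policy, mode)
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'tester.key')
    File.write(path, 'TEST')
    FileUtils.chmod(mode, path)
    begin
      KeyfileGuard.check!(path, policy: policy)
    rescue KeyfileGuard::OwnershipError
      :rejected
    end
  end
end
```

The chown step that the test above could not perform without privileges is not needed here: the demo only varies the mode and the policy, which is enough to show that `:skip` still refuses a group- or world-readable key.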