acd_cli icon indicating copy to clipboard operation
acd_cli copied to clipboard
verified publisher icon yadayada

umask applies wrong permissions

Open xelra opened this issue 9 years ago • 5 comments

I've set umask 007 which should apply permissions of 770 to directories and 660 to files. Instead it applies 770 to both directories and files.

I've confirmed this security critical bug on 2 systems.

xelra avatar Nov 09 '16 18:11 xelra

~~You need to use octal notation, so put 0o007 instead.~~

I've confirmed this security critical bug on 2 systems.

There is no security gain from setting the umask. Permission checking is not implemented.

yadayada avatar Nov 09 '16 20:11 yadayada

You need to use octal notation, so put 0o007 instead.

Using octal notation doesn't seem to work at all. I've tried a few different combinations, but they all failed. When I enter a umask in octal notation, it doesn't accept the entry at all, resulting in 777 permissions for everything.

I've looked this up in a few more places. Is this maybe a bug in the os package of Python? The wrong application of umask?

There is no security gain from setting the umask. Permission checking is not implemented.

Maybe not for ACD, but on my system it sure is. This is not a single user environment. When I allow_other, the access to the mount is controlled by POSIX permissions. Mode, owner and group.

xelra avatar Nov 09 '16 22:11 xelra

Sorry, I misread your question.

the access to the mount is controlled by POSIX permissions. Mode, owner and group.

I was under the impression that, since setting the reading and writing permission flags had no effect, the umask parameter had no effect at all. But I see that setting the executable flag does work.

It seems to me the umask behavior is correct, but usually at file creation the x bit would not be set. [I get mode 33204 at create calls.] acd_cli does not preserve the requested permissions, so you end up with the default permission 770 for files.

I guess you want a dmask and fmask parameter added, then?

yadayada avatar Nov 10 '16 06:11 yadayada

I think that the umask parameter should suffice. What is probably going wrong here is that both files and directories request 777 permission, but only directories should request 777 and files 666.

Now let's say you apply most Linux distros default umask of 022, then for directories that is 777 minus 022 and results in 755 (rwxr-xr-x) and for a file that is 666 minus 022 and results in 644 (rw-r--r--).

I think the only thing that needs changing is that files only request 666.

Of course now umask 007 applied to a file would actually result in a mode of 66-1. I hope the os package does handle this correctly and instead set 660.

EDIT: I've given this more thought. I guess it is kinda special, because you cannot re-apply permissions. On a standard POSIX filesystem, a file would get created with 666 permission. If you want that file executable, then you can just apply the execute bit and it will be permanent. On the ACD mount is is different though. Because one cannot change the permission of a single file and make it stick. So it wouldn't be possible to store executables with rwx on ACD then.

So I guess yes. It will probably need to be split into dmask and fmask like you proposed.

xelra avatar Nov 10 '16 12:11 xelra

So I guess yes. It will probably need to be split into dmask and fmask like you proposed.

Seems to be the way to go. Passing a umask as mount option overrides the (hardcoded) permissions (777 for folders and 666 for files) returned by getattr, anyway.

yadayada avatar Nov 10 '16 19:11 yadayada