Unsafe file and directory permissions
Bug #1235975 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu system image | Fix Released | Critical | Barry Warsaw |
system-image (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
# ls -ld /var/log/
drwxrwxrwx 2 root root 4096 Sep 24 16:02 /var/log/
# ls -l /var/log/
-rw-rw-rw- 1 root root 23927 Oct 6 09:11 /var/log/
# ls -ld /tmp/system-image/
drwxrwxrwx 2 root root 260 Oct 6 09:11 /tmp/system-image/
Also, predictable temporary file (/tmp/system-
# system-image-cli -i
current build number: 78
device name: mako
channel: stable
last update: 2013-10-03 13:05:32
version version: 78
version ubuntu: 20131003
version device: 20131002.1
Changed in system-image (Ubuntu):
importance: Undecided → High
tags: added: client
Changed in ubuntu-system-image:
importance: Undecided → Critical
status: New → Triaged
assignee: nobody → Barry Warsaw (barry)
milestone: none → 1.9
Changed in ubuntu-system-image:
milestone: 1.9 → none
Changed in ubuntu-system-image:
status: In Progress → Fix Committed
Changed in system-image (Ubuntu):
status: In Progress → Fix Committed
Changed in ubuntu-system-image:
status: Fix Committed → Fix Released
stgraber also suggested in IRC that /tmp may not be a good idea since that's tmpfs backed and possibly limited in size. The base directory is configurable in /etc/system-image/client.ini but maybe /var/tmp/system-image would be a better default base dir. It would have to be made writable though.
I suggest using tmpfile.mkdtemp() to provide a secure unpredictable temporary directory inside that basedir for a download session. One implication of this though is that if the s-i-dbus process exits, it really should clean up this temporary, er temporary directory. Which means that once it exits, the downloaded files will be discarded. So if, as in LP: #1236818 you start the download, but leave your phone unattended for long enough, s-i-dbus will exit and you'll have to restart the whole process again.
Or, I suppose, that temporary temporary directory could be cleaned up only prior to apply-and-reboot, and if the process exits due to timing out, we'd have to persist the fact that that tempdir was created. I'll leave that to LP: #1236818.
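The two halves of this report, as an added example that is not part of the bug thread or the system-image code base: an audit that flags world-writable paths like the ones in the `ls` output, and a per-session download directory created with Python's `tempfile.mkdtemp()` under a configurable base directory. The function names, the `session-` prefix, the `example.log` file name and the sandbox layout are assumptions made for illustration.

```python
import atexit
import os
import shutil
import stat
import tempfile


def world_writable(root):
    """Paths under root (root included) that any local user can write to.
    Sticky directories (like /tmp itself) and symlinks are skipped."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        if dirpath == root:
            paths.append(root)
        for path in paths:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
                continue
            hits.append(path)
    return sorted(hits)


def make_session_dir(base, cleanup_on_exit=True):
    """Create an owner-only download directory with a random name in base."""
    os.makedirs(base, mode=0o755, exist_ok=True)
    # mkdtemp() creates the directory atomically with mode 0700.
    path = tempfile.mkdtemp(prefix="session-", dir=base)
    if cleanup_on_exit:
        atexit.register(shutil.rmtree, path, ignore_errors=True)
    return path


def demo():
    """Build a constructed sandbox with the modes from the report, then audit it."""
    sandbox = tempfile.mkdtemp()
    shared = os.path.join(sandbox, "system-image")
    os.mkdir(shared)
    os.chmod(shared, 0o777)  # drwxrwxrwx, as /tmp/system-image/ in the report
    log = os.path.join(sandbox, "example.log")  # constructed file name
    open(log, "w").close()
    os.chmod(log, 0o666)  # -rw-rw-rw-, as the log file in the report
    session = make_session_dir(os.path.join(sandbox, "base"))
    return sandbox, world_writable(sandbox), session
```

Passing `cleanup_on_exit=False` corresponds to the alternative raised in the last comment, where the directory outlives the process and is removed only before apply-and-reboot.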