[ostree] fetcher: Use 0666 (-umask) for temporary files
- From: Colin Walters <walters src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] fetcher: Use 0666 (-umask) for temporary files
- Date: Thu, 27 Aug 2015 15:36:57 +0000 (UTC)
commit 0110183675c4427eeee4ce5fb92f5db2bf6b333f
Author: Colin Walters <walters verbum org>
Date: Wed Aug 26 15:41:39 2015 -0400
fetcher: Use 0666 (-umask) for temporary files
There's no reason to keep them hidden. I have a hard policy that
OSTree should *not* be used to carry secrets. Things like host ssh
private keys should be set up out of band by an OS-external
configuration mechanism such as kickstart, cloud-init, etc.
We also assume that hiding binaries is not very useful as most
attackers would be able to find them on the Internet or (for
subscribed content) acting as a customer.
This fixes a bug with mirroring because we changed to take the
unmodified upstream objects rather than uncompress <-> recompress.
https://bugzilla.gnome.org/show_bug.cgi?id=748959
src/libostree/ostree-fetcher.c | 2 +-
tests/test-pull-mirror-summary.sh | 7 +++++++
2 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/src/libostree/ostree-fetcher.c b/src/libostree/ostree-fetcher.c
index c72cf1d..bc2b676 100644
--- a/src/libostree/ostree-fetcher.c
+++ b/src/libostree/ostree-fetcher.c
@@ -502,7 +502,7 @@ on_request_sent (GObject *object,
else
oflags |= O_TRUNC;
- fd = openat (pending->self->tmpdir_dfd, pending->out_tmpfile, oflags, 0600);
+ fd = openat (pending->self->tmpdir_dfd, pending->out_tmpfile, oflags, 0666);
if (fd == -1)
{
gs_set_error_from_errno (&local_error, errno);
diff --git a/tests/test-pull-mirror-summary.sh b/tests/test-pull-mirror-summary.sh
index 5c639a7..7ff51fd 100755
--- a/tests/test-pull-mirror-summary.sh
+++ b/tests/test-pull-mirror-summary.sh
@@ -50,6 +50,13 @@ assert_file_has_content other-copy/hello-world "hello world another object"
ostree --repo=repo checkout -U yet-another yet-another-copy
assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
ostree --repo=repo fsck
+rev=$(ostree --repo=repo rev-parse main)
+find repo/objects -name '*.filez' | while read name; do
+ mode=$(stat -c '%a' "${name}")
+ if test "${mode}" = 600; then
+ assert_not_reached "Content object unreadable by others: ${mode}"
+ fi
+done
echo "ok pull mirror summary"
if ! ${CMD_PREFIX} ostree --version | grep -q -e '\+gpgme'; then
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]