geany 1.24.1 (built on 2014-04-17 with GTK 2.24.22, GLib 2.38.2)
Kernel: 3.17.8-200.fc20.x86_64
OS: Fedora release 20 (Heisenbug)
When the Backup Copy feature is enabled in the Save Actions plug-in, the default behavior is to create a backup copy in /tmp. The problem is that the backup copy is created world readable which doesn't seem like a very secure default. For example:
ls -l /tmp/notes.txt.*
-rw-rw-r--. 1 myuser mygroup 12858 Jan 15 08:07 notes.txt.2015-01-15-08-07-09
Would you agree that (trying to) set the file permissions of the backup file to the same as the original source file would be an appropriate solution?
Setting the file permission to the same as the file being edited does not completely resolve this issue. If the backup file is being stored in a global temporary directory there is a very good chance that files are accidentally or temporarily exposed as world readable.
Perhaps if the default location for the backup was in a hidden and private directory under the user's home directory then the same file permissions would be fine.
True true.
But this seems to be rather a documentation issue than something which can be really solved with code.
I'd suggest to add a note about possible security issues to the documentation at http://geany.org/manual/#backup-copy.
Code fixes could be:
- set the backup file permissions to 600, i.e. only owner can read it
- try to guess whether the user stores the backup copies in a world readable/public directory
- add an option to let the user specify the file permissions to be used for backup copies
Since this whole topic affects only a few users at all, I think a documentation note is sufficient instead of writing guessing code which is never a good thing.
IMO most users with single-user desktop systems are not affected by this issue because usually only they themselves can access /tmp (or $TMPDIR in general).
I like the idea of "set the backup file permissions to 600, i.e. only owner can read it" but I also understand your point.
It does seem like Geany may have a limited user base. Perhaps it isn't for enterprise or corporate desktops.
I wouldn't completely agree on the point "Perhaps it isn't for enterprise or corporate desktops". Maybe it is not yet completely ready for this kind of setup, yes. I guess this is just not the majority of users.
Anyway, would you agree to set the backup file permissions to 600 by default and additionally add some notes to the documentation to explain the change?
This seems like a good solution to me. But you seem to suggest it has issues so it should be an option, which issues would that be?
It is for anyone and any situation they see fit. First, a plugin having a problem doesn't mean Geany as a whole has one. And then, bugs are meant to be fixed, nobody can expect any application to be bug-free -- that's why bug reports are important :) And as it seems @eht16 understands the problem and is willing to fix it up, that particular issue should be gone next release :)
Did I? I don't see big issues with setting file permissions to 600 except that it won't work on Windows. This fact I would add to the documentation.
Well, when I read the proposal in your comment it didn't look like you were really convinced it was a good idea, but it may just have been me misinterpreting some non-existent subtext :)
See https://github.com/geany/geany/pull/413 for a possible implementation.
This definitely takes care of the issue I reported. Thanks for looking into this @Enrico Tröger.
Fixed in 7229aa9cff84b6d42f75edba5b26babd2f6b8b64.
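The approach settled on in this thread, creating the backup copy with mode 600, is illustrated below as an added example. It is not Geany's code or the change from pull request 413; `backup_copy_private` and `demo_modes` are hypothetical names, and the umask of 0002 is an assumption chosen to match the `-rw-rw-r--` listing in the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Geany's code): copy src to dst, dst created 0600. */
int backup_copy_private(const char *src, const char *dst)
{
    char buf[4096];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    /* O_EXCL refuses a pre-existing file or symlink at dst, which matters in
     * a shared directory. The umask can only clear bits, never widen 0600. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    if (close(out) != 0 || n < 0) { unlink(dst); return -1; }
    return 0;
}

/* Constructed demo: returns the backup's mode bits, fopen() file's in *naive. */
int demo_modes(int *naive)
{
    char dir[] = "/tmp/backup-demo-XXXXXX", src[64], dst[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;      /* private 0700 scratch directory */
    snprintf(src, sizeof src, "%s/notes.txt", dir);
    snprintf(dst, sizeof dst, "%s/notes.txt.bak", dir);
    mode_t old = umask(0002);          /* assumed umask, as in the listing */
    FILE *f = fopen(src, "w");         /* fopen() asks for 0666 & ~umask */
    if (f) { fputs("constructed sample text\n", f); fclose(f); }
    *naive = stat(src, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    int mode = (backup_copy_private(src, dst) == 0 && stat(dst, &st) == 0)
                   ? (int)(st.st_mode & 0777) : -1;
    umask(old);
    unlink(src); unlink(dst); rmdir(dir);
    return mode;
}

int main(void)
{
    int naive = -1, priv = demo_modes(&naive);
    printf("fopen: %04o, backup: %04o\n", (unsigned)naive, (unsigned)priv);
    return priv == 0600 ? 0 : 1;
}
```

As noted in the thread, this relies on POSIX permission bits and does not carry over to Windows.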