Back In Time

Bug #419774
Comment #2

Comment 2 for bug 419774

Revision history for this message

Bart de Koning (bratdaking) wrote on 2009-09-01: Re: [Bug 419774] Re: deleting backups makes files world-readable

I was already having a look into this, but can you tell me whether hte line
is actually necessary, if you run backintime as root at least you can do
without the chmod, but when you are a normal user you probably need it...
Anyway I will submit the patch to be merged into the trunk. Thanks anyway!

I changed also line 577 into
self._execute( "find \"%s\" -type d -exec chmod u+wx {} \\;" %
new_snapshot_path ) #Debian patch
Was a similar matter...

Cheers,
Bart

2009/9/1 Jonathan Wiltshire <email address hidden>

> Hi,
>
> Since opening this bug the submitter has also sent this:
>
> > 2009/8/27 Rémi Vanicat <email address hidden>:
> >
> > > When asking backintime to remove an old backup, it first change mode
> > > of all file of the backup to 777, allowing potentially every local
> > > user to read and modify those before they are deleted (and this could
> take some
> > > time).
> >
> > Will looking at this bug, I found that applying this:
> >
> > --- common/snapshots.py~ 2009-08-24 23:11:27.000000000 +0200
> > +++ common/snapshots.py 2009-08-28 09:48:57.000000000 +0200
> > @@ -314,7 +314,7 @@
> > return
> >
> > path = self.get_snapshot_path( snapshot_id )
> > - cmd = "chmod -R a+rwx \"%s\"" % path
> > + cmd = "find \"%s\" -type d -exec chmod u+wx {} \\;" % path
> > self._execute( cmd )
> > cmd = "rm -rfv \"%s\"" % path
> > self._execute( cmd )
> >
> > to the snapshots.py file solve this problem but I also found others
> > call to chmod -R a+rwx or to
> > chmod a+w that should probably be investigated.
>
> If you can fix this soon, it would be great, as the Debian bug is grave
> and needs fixing as soon as possible. If not, I'll implement a temporary
> patch and fix it properly later.
>
> Cheers :)
>
> --
> deleting backups makes files world-readable
> https://bugs.launchpad.net/bugs/419774
> You received this bug notification because you are a direct subscriber
> of the bug.
>

I changed also line 577 into
            self._execute( "find \"%s\" -type d -exec chmod u+wx {} \\;" %
new_snapshot_path ) #Debian patch
Was a similar matter...

Cheers,
Bart

2009/9/1 Jonathan Wiltshire <debian@jwiltshire.org.uk>

> Hi,
>
> Since opening this bug the submitter has also sent this:
>
> > 2009/8/27 Rémi Vanicat <vanicat@debian.org>:
> >
> > > When asking backintime to remove an old backup, it first change mode
> > > of all file of the backup to 777, allowing potentially every local
> > > user to read and modify those before they are deleted (and this could
> take some
> > > time).
> >
> > Will looking at this bug, I found that applying this:
> >
> > --- common/snapshots.py~      2009-08-24 23:11:27.000000000 +0200
> > +++ common/snapshots.py       2009-08-28 09:48:57.000000000 +0200
> > @@ -314,7 +314,7 @@
> >                       return
> >
> >               path = self.get_snapshot_path( snapshot_id )
> > -             cmd = "chmod -R a+rwx \"%s\"" %  path
> > +             cmd = "find \"%s\" -type d -exec chmod u+wx {} \\;" % path
> >               self._execute( cmd )
> >               cmd = "rm -rfv \"%s\"" % path
> >               self._execute( cmd )
> >
> > to the snapshots.py file solve this problem but I also found others
> > call to chmod -R a+rwx or to
> > chmod a+w that should probably be investigated.
>
> If you can fix this soon, it would be great, as the Debian bug is grave
> and needs fixing as soon as possible. If not, I'll implement a temporary
> patch and fix it properly later.
>
> Cheers :)
>
> --
> deleting backups makes files world-readable
> https://bugs.launchpad.net/bugs/419774
> You received this bug notification because you are a direct subscriber
> of the bug.
>