0.7.0 beta bug: Wrong ownership of config files is set

Bug #455579 reported by Daniel Riedemann on 2009-10-19
This bug affects 1 person
Affects: BleachBit
Importance: Medium
Assigned to: Andrew Ziem

Bug Description

Hello Andrew,

another bug - sorry :(
When you start bleachbit the first time it creates .config/ and .config/bleachbit/ and /root/.config/bleachbit/bleachbit.ini if it doesn't exist and sets the ownership of this to UID 100, GID is unchanged.

When the files/directories already exist bleachbit doesn't change anything, so it's just at initial creation.

output at the console:
As root:
##
debug: makedirs(/root/.config/bleachbit)
debug: makedirs(/root/.config)
debug: chown(/root/.config, uid=100)
debug: chown(/root/.config/bleachbit, uid=100)
debug: chown(/root/.config/bleachbit/bleachbit.ini, uid=100)
##

As normal user:
###
debug: makedirs(/home/daniel/.config/bleachbit)
debug: makedirs(/home/daniel/.config)
debug: chown(/home/daniel/.config, uid=100)
Traceback (most recent call last):
  File "/usr/share/bleachbit/General.py", line 77, in chownself
    os.chown(path, uid, -1)
OSError: [Errno 1] Die Operation ist nicht erlaubt: '/home/daniel/.config'
debug: chown(/home/daniel/.config/bleachbit, uid=100)
Traceback (most recent call last):
  File "/usr/share/bleachbit/General.py", line 77, in chownself
    os.chown(path, uid, -1)
OSError: [Errno 1] Die Operation ist nicht erlaubt: '/home/daniel/.config/bleachbit'
###

You see the German "Die Operation ist nicht erlaubt" which means in English "Operation not permitted". That's good and right because a normal user doesn't have the rights to change ownerships. But for root it works of course:

###
root@E6600 ~ # ls -lisa ~/ | grep .config
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 .config
###

###
root@E6600 ~ # ls -lisa ~/.config
insgesamt 12K
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 .
  8572 4,0K drwxr-x--- 8 root root 4,0K 19. Okt 18:37 ..
939167 4,0K drwx------ 2 100 root 4,0K 19. Okt 18:35 bleachbit
###

###
root@E6600 ~ # ls -lisa ~/.config/bleachbit
insgesamt 12K
939167 4,0K drwx------ 2 100 root 4,0K 19. Okt 18:35 .
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 ..
939168 4,0K -rw-r--r-- 1 100 root 366 19. Okt 18:35 bleachbit.ini
###

That's just a no-go and a very big security issue. Please fix that before the final release of 0.7.0

Best regards

Tags: bug
Andrew Ziem (ahziem1) wrote :

> debug: chown(/root/.config, uid=100)

You using sudo here, right?

>so it's just at initial creation.

The purpose of "chownself" (which I agree is malfunctioning) is to fix permissions when BleachBit first starts in 'sudo' mode. Without chownself, the files are owned by root in the user's home directory like /home/daniel/.config/bleachbit, so if you start BleachBit the second time without 'sudo', you cannot access the file.

>That's just a no-go and a very big security issue.

I'm glad to fix it, but I disagree on the risk. UID 100 should still not be able to access /root/.config/bleachbit/ because /root/ has permissions 0700.

Daniel Riedemann (darie) wrote :

>You using sudo here, right?

No I didn't use sudo... I used su and was root all the time.
You can reproduce it:
# su
# rm -r ~/.config/bleachbit (I didn't type .config/ here because of the damage if you just copy it, if .config doesn't exist it also gets UID 100)
# bleachbit
# ls -lisa ~/.config/ | grep bleachbit
And you see the owner UID 100

>UID 100 should still not be able to access /root/.config/bleachbit/ because /root/ has permissions 0700.

Ok, you're right here ;)
But it's just not right to leave that as it is. No one except root itself should own a file in /root

Andrew Ziem (ahziem1) wrote :

Should be fixed in SVN 1386. BleachBit now handles four different modes
1. normal user
2. sudo
3. su
4. direct root login

Changed in bleachbit:
assignee: nobody → Andrew Ziem (ahziem1)
milestone: none → 0.7.0
status: New → Fix Committed
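
One way to make the ownership decision for the four start modes listed above, as an added example (it is not BleachBit's code and not the change made in SVN 1386). It assumes sudo's SUDO_UID and SUDO_GID environment variables; `target_owner`, `hand_over`, `anchor_dir` and the sample values are hypothetical.

```python
import os


def target_owner(euid, environ, anchor_dir, owner_of=lambda p: os.stat(p).st_uid):
    """Decide who should own freshly created config paths.

    anchor_dir is the directory that already existed before anything was
    created (normally the home directory). Returns (uid, gid), or None
    when ownership must be left alone.
    """
    if euid != 0:
        return None  # mode 1, normal user: cannot chown and has no need to
    try:
        uid, gid = int(environ["SUDO_UID"]), int(environ["SUDO_GID"])
    except (KeyError, ValueError):
        return None  # modes 3 and 4, su or direct root login: root keeps the files
    if uid == 0 or owner_of(anchor_dir) != uid:
        return None  # sudo while HOME points at /root: never give those files away
    return (uid, gid)  # mode 2, sudo inside the invoking user's own home


def hand_over(paths, owner):
    """chown each path to owner without following symlinks; return what changed."""
    if owner is None:
        return []
    uid, gid = owner
    for path in paths:
        os.lchown(path, uid, gid)  # sets uid and gid, unlike chown(path, uid, -1)
    return list(paths)


if __name__ == "__main__":
    # Constructed sample cases: (label, euid, environment, home, owner of home)
    sudo_env = {"SUDO_UID": "1000", "SUDO_GID": "1000"}
    cases = [
        ("normal user", 1000, {}, "/home/daniel", 1000),
        ("sudo", 0, sudo_env, "/home/daniel", 1000),
        ("su", 0, {}, "/root", 0),
        ("direct root login", 0, {}, "/root", 0),
        ("sudo with HOME=/root", 0, sudo_env, "/root", 0),
    ]
    for label, euid, env, home, home_uid in cases:
        print(label, "->", target_owner(euid, env, home, lambda p, u=home_uid: u))
```

Comparing the target UID with the owner of the directory that already existed is what keeps a path under /root from being handed to another account, whichever environment variables are set.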
Daniel Riedemann (darie) wrote :

Revision 1389:
Works now and ownership is right. :)

Andrew Ziem (ahziem1) on 2009-10-23
Changed in bleachbit:
status: Fix Committed → Fix Released
security vulnerability: yes → no
visibility: private → public
Andrew Ziem (ahziem1) on 2009-11-01
Changed in bleachbit:
importance: Undecided → Medium