deleting backups makes files world-readable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Back In Time |
Fix Released
|
Undecided
|
Unassigned | ||
backintime (Debian) |
Fix Released
|
Unknown
|
Bug Description
From Debian bug #543785
From: Rémi Vanicat <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Bug#543785: backintime-common: backintime make world readable file in
backup when it remove old backup
Message-ID: <20090826220449
Reply-To: Rémi Vanicat <email address hidden>, <email address hidden>
X-Mailer: reportbug 4.6
Package: backintime-common
Version: 0.9.26-2
Severity: grave
Tags: security
Justification: user security hole
When asking backintime to remove an old backup, it first change mode
of all file of the backup to 777, allowing potentially every local
user to read and modify those before they are deleted (and this could take some
time).
Worst still, if a file is shared between several backup, as the file's
mode are also shared, it stay world readable and writable in those
other backup.
Note that one do not need to change the mode of a file to suppress it:
only the mode of the directory need to be changed. The other advantage
to change the mode only for directories is that they are not shared
between backup, so the changed mode don't stay for long period of
time.
Related branches
- Dan: Pending requested
- Diff: None lines
visibility: | private → public |
Changed in backintime (Debian): | |
status: | Unknown → New |
Changed in backintime (Debian): | |
status: | New → Confirmed |
Changed in backintime: | |
status: | New → Confirmed |
Changed in backintime: | |
status: | Confirmed → Fix Committed |
Changed in backintime (Debian): | |
status: | Confirmed → Fix Released |
Changed in backintime: | |
status: | Fix Committed → Fix Released |
Hi,
Since opening this bug the submitter has also sent this:
> 2009/8/27 Rémi Vanicat <email address hidden>: snapshots. py~ 2009-08-24 23:11:27.000000000 +0200 snapshot_ path( snapshot_id )
>
> > When asking backintime to remove an old backup, it first change mode
> > of all file of the backup to 777, allowing potentially every local
> > user to read and modify those before they are deleted (and this could take some
> > time).
>
> Will looking at this bug, I found that applying this:
>
> --- common/
> +++ common/snapshots.py 2009-08-28 09:48:57.000000000 +0200
> @@ -314,7 +314,7 @@
> return
>
> path = self.get_
> - cmd = "chmod -R a+rwx \"%s\"" % path
> + cmd = "find \"%s\" -type d -exec chmod u+wx {} \\;" % path
> self._execute( cmd )
> cmd = "rm -rfv \"%s\"" % path
> self._execute( cmd )
>
> to the snapshots.py file solve this problem but I also found others
> call to chmod -R a+rwx or to
> chmod a+w that should probably be investigated.
If you can fix this soon, it would be great, as the Debian bug is grave and needs fixing as soon as possible. If not, I'll implement a temporary patch and fix it properly later.
Cheers :)