0.7.0 beta bug: Wrong ownership of config files is set

Bug #455579 reported by Daniel Riedemann
Affects: BleachBit | Status: Fix Released | Importance: Medium | Assigned to: Andrew Ziem

Bug Description

Hello Andrew,

another bug - sorry :(
When you start bleachbit for the first time it creates .config/ and .config/bleachbit/ and /root/.config/bleachbit/bleachbit.ini if they don't exist and sets the ownership of these to UID 100; the GID is unchanged.

When the files/directories already exist bleachbit doesn't change anything, so it's just at initial creation.

Output at the console:
As root:
##
debug: makedirs(/root/.config/bleachbit)
debug: makedirs(/root/.config)
debug: chown(/root/.config, uid=100)
debug: chown(/root/.config/bleachbit, uid=100)
debug: chown(/root/.config/bleachbit/bleachbit.ini, uid=100)
##

As normal user:
###
debug: makedirs(/home/daniel/.config/bleachbit)
debug: makedirs(/home/daniel/.config)
debug: chown(/home/daniel/.config, uid=100)
Traceback (most recent call last):
  File "/usr/share/bleachbit/General.py", line 77, in chownself
    os.chown(path, uid, -1)
OSError: [Errno 1] Die Operation ist nicht erlaubt: '/home/daniel/.config'
debug: chown(/home/daniel/.config/bleachbit, uid=100)
Traceback (most recent call last):
  File "/usr/share/bleachbit/General.py", line 77, in chownself
    os.chown(path, uid, -1)
OSError: [Errno 1] Die Operation ist nicht erlaubt: '/home/daniel/.config/bleachbit'
###

You see the German "Die Operation ist nicht erlaubt", which means "Operation not permitted" in English. That's good and right because a normal user doesn't have the rights to change ownership. But for root it works, of course:

###
root@E6600 ~ # ls -lisa ~/ | grep .config
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 .config
###

###
root@E6600 ~ # ls -lisa ~/.config
insgesamt 12K
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 .
  8572 4,0K drwxr-x--- 8 root root 4,0K 19. Okt 18:37 ..
939167 4,0K drwx------ 2 100 root 4,0K 19. Okt 18:35 bleachbit
###

###
root@E6600 ~ # ls -lisa ~/.config/bleachbit
insgesamt 12K
939167 4,0K drwx------ 2 100 root 4,0K 19. Okt 18:35 .
939158 4,0K drwx------ 3 100 root 4,0K 19. Okt 18:35 ..
939168 4,0K -rw-r--r-- 1 100 root 366 19. Okt 18:35 bleachbit.ini
###

That's just a no-go and a very big security issue. Please fix that before the final release of 0.7.0.

Best regards

Tags: bug
Andrew Ziem (ahziem1) wrote :

> debug: chown(/root/.config, uid=100)

You're using sudo here, right?

> so it's just at initial creation.

The purpose of "chownself" (which I agree is malfunctioning) is to fix permissions when BleachBit first starts in 'sudo' mode. Without chownself, the files are owned by root in the user's home directory like /home/daniel/.config/bleachbit, so if you start BleachBit the second time without 'sudo', you cannot access the file.

> That's just a no-go and a very big security issue.

I'm glad to fix it, but I disagree on the risk. UID 100 should still not be able to access /root/.config/bleachbit/ because /root/ has permissions 0700.

Daniel Riedemann (darie) wrote :

> You're using sudo here, right?

No, I didn't use sudo... I used su and was root all the time.
You can reproduce it:
# su
# rm -r ~/.config/bleachbit (I didn't type .config/ here because of the damage if you just copy it, if .config doesn't exist it also gets UID 100)
# bleachbit
# ls -lisa ~/.config/ | grep bleachbit
And you see the owner is UID 100.

> UID 100 should still not be able to access /root/.config/bleachbit/ because /root/ has permissions 0700.

Ok, you're right here ;)
But it's just not right to leave that as it is. No one except root itself should own a file in /root.

Andrew Ziem (ahziem1) wrote :

Should be fixed in SVN 1386. BleachBit now handles four different modes:
1. normal user
2. sudo
3. su
4. direct root login

Changed in bleachbit:
assignee: nobody → Andrew Ziem (ahziem1)
milestone: none → 0.7.0
status: New → Fix Committed
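As an added illustration of the four modes listed above (example code written for this page, not BleachBit's own chownself): a helper that decides which UID should own the config files created on first start, and a guard that refuses to chown anything outside that user's home. The function names, and passing the environment and effective UID as parameters, are assumptions made so the cases can be checked without running as root.

```python
import os
import pwd

# Added example, not BleachBit's own code.  Decides which user should own
# the config files created on first start, for the four modes from the
# thread, then chowns only paths inside that user's home directory.

def config_owner_uid(environ, euid):
    """Return (mode, uid): who should own newly created config files."""
    if euid != 0:
        # Mode 1, normal user: files are created as that user; nothing to fix.
        return ("normal user", euid)
    sudo_uid = environ.get("SUDO_UID", "")
    if sudo_uid.isdigit() and int(sudo_uid) != 0:
        # Mode 2, sudo: HOME still points at the invoking user's directory,
        # so hand the files back to SUDO_UID or that user cannot open them
        # on the next, non-sudo start.
        return ("sudo", int(sudo_uid))
    # Modes 3 and 4, `su` and direct root login: HOME is /root and there is
    # no SUDO_UID, so root itself must own everything (never a fixed UID).
    return ("su or root login", 0)

def inside_home(path, home):
    """True if `path` is `home` or lies beneath it (after normalisation)."""
    path, home = os.path.normpath(path), os.path.normpath(home)
    return path == home or path.startswith(home + os.sep)

def chown_to_owner(path, uid, home_of=pwd.getpwuid):
    """chown `path` to `uid`, keeping the group, but only inside uid's home.
    `home_of(uid).pw_dir` supplies the home directory (passwd by default)."""
    home = home_of(uid).pw_dir
    if not inside_home(path, home):
        raise ValueError("refusing to chown %s: outside %s" % (path, home))
    os.chown(path, uid, -1)   # -1 leaves the GID unchanged, as in the report

if __name__ == "__main__":
    mode, uid = config_owner_uid(os.environ, os.geteuid())
    print("mode=%s owner uid=%d home=%s" % (mode, uid, pwd.getpwuid(uid).pw_dir))
```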
Daniel Riedemann (darie) wrote :

Revision 1389:
Works now and ownership is right. :)

Andrew Ziem (ahziem1)
Changed in bleachbit:
status: Fix Committed → Fix Released
security vulnerability: yes → no
visibility: private → public
Andrew Ziem (ahziem1)
Changed in bleachbit:
importance: Undecided → Medium