trim-cache can delete arbitrary files by accident

[DennisMitchell]

There was a serious bug in older versions of the trim-cache script that could delete arbitrary files by accident. To trigger it, you had to install TIO at least partially. If you just cloned the repo, you're safe.

Note that triggering the bug requiring executing commands on a machine you control. It's not possible to trigger it from the sandbox.

Realistically, I think it could only be triggered in two scenarios. Do NOT perform these steps.

1. In a manual install, the following would trigger the bug.

   • Clone the tryitonline repo to /srv (that exact path).
   • Create a valid trim-cache configuration file in /srv/etc.
   • Fail to create a /srv/cache directory.
   • Run the trim-cache script in a directory where you have write access to sub-directories, either manually or via the systemd unit files in the tryitonline repo.

2. With tiosetup, the following would trigger the bug.

   • Perform a full install or at least run the scripts in the stage directory.
   • Delete the /srv/cache directory.
   • Leave the tio-web service running or start/install the tio-trim-cache service/timer manually.

   In this case, the trim-cache script would be run as root in /, deleting most system files.

As of commit b1967d1, aside from fixing the faulty script, the systemd unit file now runs it with write access to /srv/cache and nothing else.

If you know anyone who might be running a TIO server, please point them to this issue.

[DennisMitchell]

This is already fixed, but I'll leave the issue open for better visibility.

If applicable, please run git pull in /srv to update your TIO install to the latest version, then systemctl daemon-reload to load the new unit files.