Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not create local world-readable files and directories per default #29448

Closed
wants to merge 1 commit into from
Closed

Do not create local world-readable files and directories per default #29448

wants to merge 1 commit into from

Conversation

Flowdalic
Copy link

Starting with e5dc1a8 ("Set umask before operations that create
local files") Nextcloud would create local files and directories with
their permission set to world readable. While you can protect access
to nextcloud's data/ directory by -x'ing it, when it comes to
permissions and security, a defensive approach is always
preferable. Hence this changes the used umask from 022 to 027.

This partly addresses #29041.

@szaimen szaimen added the 3. to review Waiting for reviews label Oct 26, 2021
@szaimen szaimen requested review from icewind1991, a team, CarlSchwan and come-nc and removed request for a team October 26, 2021 15:11
@szaimen szaimen added this to the Nextcloud 24 milestone Oct 27, 2021
@Flowdalic
Do not create local world-readable files and directories per default
78edee3 
Starting with e5dc1a8 ("Set umask before operations that create
local files") Nextcloud would create local files and directories with
their permission set to world readable. While you can protect access
to nextcloud's data/ directory by -x'ing it, when it comes to
permissions and security, a defensive approach is always
preferable. Hence this changes the used umask from 022 to 027.

This partly addresses nextcloud#29041.

Signed-off-by: Florian Schmaus <flo@geekplace.eu>
@Flowdalic
Copy link
Author

Rebased on the latest master and added DCO. Please approve the workflows. Thanks.

@skjnldsv skjnldsv mentioned this pull request Mar 24, 2022
Merged
@blizzz blizzz mentioned this pull request Mar 31, 2022
Merged
This was referenced Apr 7, 2022
Merged
Merged
@blizzz blizzz modified the milestones: Nextcloud 24, Nextcloud 25 Apr 21, 2022
come-nc
come-nc reviewed May 5, 2022
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My preference would really go toward leaving umask alone, or at least make it an option.

@szaimen
Copy link
Contributor

szaimen commented May 5, 2022
edited
Loading

@come-nc Something like #31293 ?

@come-nc
Copy link
Contributor

come-nc commented May 6, 2022

@come-nc Something like #31293 ?

Yes exactly, I forgot we had already a PR for this. @icewind1991 Could you review it?

@szaimen
Copy link
Contributor

szaimen commented Jun 10, 2022

obsoleted by #32723

@szaimen szaimen closed this Jun 10, 2022
@szaimen szaimen removed this from the Nextcloud 25 milestone Jun 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@come-nc come-nc come-nc left review comments

@icewind1991 icewind1991 icewind1991 approved these changes

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan

Assignees
No one assigned
Labels
3. to review Waiting for reviews
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Flowdalic @szaimen @come-nc @icewind1991 @blizzz