[Desktop-packages] [Bug 209746] Re: File permissions are incorrect during file copy

Sun, 30 Dec 2012 10:30:45 -0800 

** Changed in: nautilus
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/209746

Title:
  File permissions are incorrect during file copy

Status in Nautilus:
  New
Status in “nautilus” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: nautilus

  From http://bugzilla.gnome.org/show_bug.cgi?id=458397
  reported by Roberto Zunino:

  When copying files, files are created with the default umask permissions
  instead of using the permissions of the file being copied. Permissions are 
then
  "fixed" after the copy has been completed. This however leaves a window of
  vulnerability.

  Real world example: I just copyed my old home (perms=700) to a new disk. This
  took quite a long time, during which my home had permissions 775.

  Steps to reproduce:
  1. Create a folder and put some large files inside
  2. chmod 700 folder
  3. Nautilus-copy it somewhere else

  Actual results:
  while copying, ls -d folder_copy shows 775 perms, and other users can go in 
and
  read inside the folders

  Expected results:
  folder_copy should be created with 700 perms

  Does this happen every time?
  yes

  Other information:
  The Right Thing would be to pass the correct permissions to open()/mkdir() 
etc.

  Failing that, a good enough easier fix would be to set umask to 700&old_umask
  for the copying stuff.

  -----[ End of bug report by Roberto Zunino
  ]-------------------------------------------

  I can reproduce this bug now with nautilus version 1:2.20.0-0ubuntu7.1
  under Ubuntu 7.10 (Gutsy). I tried to copy a single regular file with
  the permissions set to 600, so the problem is not limited to copying
  directories.

  I'm marking this as a security vulnerability because under appropriate
  circumstances it can allow local users to read other's files
  effectively bypassing the permissions set by the owner. It is true
  that many users won't be affected by this but that's not a valid
  reason to ignore the problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nautilus/+bug/209746/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to