On 21 Feb 2011, at 09:36, Simon Slavin wrote:

> On 21 Feb 2011, at 9:35am, Philip Graham Willoughby wrote:
> 
>> On 20 Feb 2011, at 16:18, thilo wrote:
>> 
>>> My DB is owned by a different user (www) and I as root insert some data.
>> ...
>>> Are there any suggestions on how to make this workable?
>> 
>> Don't do that. Unless you can guarantee that no malicious user has been able 
>> to alter your database it isn't safe to interact with it as root if you're 
>> using a version of the sqlite3 shell that has the .load built-in. Use su or 
>> sudo to become www and interact with your data as the owning user.
> 
> Would it be feasible to copy whatever protection is on the database file to 
> any temporary files like journal files ?

On systems with traditional unix permissions if you have authority to create a 
file in a directory you also have authority to set the created file's 
permissions. You can also change the group of the file to any group of which 
you are a member. Conceptually, the relevant VFSs would need to do something 
like this when creating subsidiary files:

// Allow us to set whatever file mode we want
mode_t oldmode = umask(0);
struct stat dbstat;
// Retrieve database permissions etc
fstat(dbfh, &dbstat);
// Create file with the right permissions if necessary
int newfd = open(…,…|O_EXCL|O_CREAT,dbstat.st_mode);
// Match the group id - should usually work
if (fchown(newfd,-1,dbstat.st_gid))
{
  // Could not change gid to match db
  // log warning?
}
// Match the user id - should usually fail
if (fchown(newfd,dbstat.st_uid,-1))
{
  // Could not change uid to match db
  // log warning?
}
// restore umask
umask(oldmode);

For me, the mode-matching is definitely worth it - if you have a group-writable 
database you almost certainly want a group-writable log. Similarly the 
gid-matching code is worthwhile for the same reason.

The uid-matching code is only usable by root or processes given that privilege 
by some other mechanism and is therefore less worthwhile.

Best Regards,

Phil Willoughby
-- 
Managing Director, StrawberryCat Limited

StrawberryCat Limited is registered in England and Wales with Company No. 
7234809.

The registered office address of StrawberryCat Limited is:

107 Morgan Le Fay Drive
Eastleigh
SO53 4JH
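
One way to write the creation step described in this message, as an added example that is not code from the original post or from SQLite. It departs from the outline above by creating the file owner-only and applying the database's permission bits with fchmod() rather than clearing the process-wide umask, and it omits the uid match; the names create_sidecar and demo_mode_matches and the /tmp paths are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create `path`, then copy the permission bits and
 * group of the open database `dbfd` onto it. Returns the new fd or -1. */
int create_sidecar(int dbfd, const char *path)
{
    struct stat db;
    if (fstat(dbfd, &db) != 0) return -1;
    /* Start owner-only so the file is never wider than the database;
     * O_EXCL refuses a pre-existing path, including a planted symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    /* Group first, so widened bits never apply to the wrong group. */
    if (fchown(fd, (uid_t)-1, db.st_gid) != 0)
        perror("warning: could not match database gid");
    /* Permission bits only: no file-type, setuid, setgid or sticky bits. */
    if (fchmod(fd, db.st_mode & 0777) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Constructed demo: a 0660 "database" in /tmp and its "-journal" file.
 * Returns 1 when the journal's mode and gid match the database's. */
int demo_mode_matches(void)
{
    char dbpath[] = "/tmp/sidecar-demo-XXXXXX";
    char jpath[sizeof dbpath + 8];
    struct stat db, j;
    int dbfd = mkstemp(dbpath);   /* mkstemp creates the file as 0600 */
    if (dbfd < 0 || fchmod(dbfd, 0660) != 0) return 0;
    snprintf(jpath, sizeof jpath, "%s-journal", dbpath);
    int jfd = create_sidecar(dbfd, jpath);
    int ok = jfd >= 0 && fstat(dbfd, &db) == 0 && fstat(jfd, &j) == 0 &&
             (j.st_mode & 0777) == 0660 && j.st_gid == db.st_gid;
    if (jfd >= 0) close(jfd);
    close(dbfd);
    unlink(jpath); unlink(dbpath);
    return ok;
}

int main(void) { return demo_mode_matches() ? 0 : 1; }
```

Because fchmod() is not filtered by the umask, the journal ends up group-writable even when the caller's umask is 022, without changing process-wide state that other threads share.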
