Opened 14 years ago
Closed 14 years ago
#648 closed defect (fixed)
Created files shouldn't have the execute bit set
Reported by: | fabio | Owned by: | |
---|---|---|---|
Priority: | If Time Permits | Milestone: | Alpha 3 |
Component: | Core engine | Keywords: | |
Cc: | Patch: |
Description
Many files created by 0ad (e.g. cache, screenshots, ...) have the x (execute) bit set on linux. They should be created using the default mask.
Change History (12)
comment:1 by , 14 years ago
Priority: | major → minor |
---|
comment:2 by , 14 years ago
Priority: | minor → trivial |
---|
comment:3 by , 14 years ago
comment:4 by , 14 years ago
Hi, you can change it to:
S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH
This is the same of what's in currently without the executable flag (S_IRWXU=S_IRUSR|S_IWUSR|S_IXUSR, ...), also ordered better (user, group, others - *USR, *GRP, *OTH).
See also http://opengroup.org/onlinepubs/007908775/xsh/sysstat.h.html
Tested, it works as expected.
comment:5 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:6 by , 14 years ago
Now test fails:
Running 251 tests....................................................................................................................lib_errors.cpp(110): Function call failed: return value was -110300 (Insufficient access rights to open file) Function call failed: return value was -110300 (Insufficient access rights to open file) Location: lib_errors.cpp:110 (LibError_from_errno)
I suspect the execute bit shouldn't be removed from the directories, it has a different meaning here that forbids changing directory.
comment:7 by , 14 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Yeah, directories will need X. Also we probably shouldn't give W (and maybe not give R) to group or other, since it's not good for security if some random user on the system can overwrite those files.
comment:8 by , 14 years ago
Note however that the W from g/o gets stripped away by system umask which tipically is 0022, so it could eventually be left since screenshot/cache file doesn't keep any secret.
comment:10 by , 14 years ago
(Yikes, this wiki isn't terribly great for real-time updates ;) )
OK. (Windows isn't doing these security checks, sorry that you have to debug the permissions.) The previous directory mode was S_IRWXU. Should we add X for O and G, or leave it at that?
since it's not good for security if some random user on the system can overwrite those files.
Yeah. I was previously assuming there might be directories shared between users (cache). However, the XDG paths default to something under the home directory. Are we sure there will never need to be sharing between users? (And are different users on the same machine placed in the same group, or is that level of access control seldom used?)
Attempt at summary thus far: files = 0644, dirs = 0755?
comment:11 by , 14 years ago
Users should only use the system-wide read-only installed cache (if we pre-cache .xmb/etc files in release packages, which we don't yet but should), and their own per-user writeable cache. Any other kind of shared cache would be insecure (one user could silently introduce data files that exploit vulnerabilities when another user runs the game), and unnecessary (the caches aren't big or slow), so I think we'll never want to do that.
XDG basedir says directories should be created with 0700, so we should stick with that. It doesn't say anything about files - 0644 sounds sensible to me.
comment:12 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Thanks for mentioning this. The culprit is S_IRWXO|S_IRWXU|S_IRWXG at file.cpp:59. What should we write instead?