GNOME Bugzilla – Bug 458397
file permissions are incorrect during file copy
Last modified: 2021-06-18 15:15:50 UTC
Please describe the problem: When copying files, files are created with the default umask permissions instead of using the permissions of the file being copied. Permissions are then "fixed" after the copy has been completed. This however leaves a window of vulnerability. Real world example: I just copyed my old home (perms=700) to a new disk. This took quite a long time, during which my home had permissions 775. Steps to reproduce: 1. Create a folder and put some large files inside 2. chmod 700 folder 3. Nautilus-copy it somewhere else Actual results: while copying, ls -d folder_copy shows 775 perms, and other users can go in and read inside the folders Expected results: folder_copy should be created with 700 perms Does this happen every time? yes Other information: The Right Thing would be to pass the correct permissions to open()/mkdir() etc. Failing that, a good enough easier fix would be to set umask to 700&old_umask for the copying stuff.
The same thing happens when copying a single file with the permissions set to 600.
Seems to still be a valid problem in nautilus 2.30 (with gio/gvfs). But is this a nautilus or gvfs problem?
It is a Nautilus problem. Please have a look at libnautilus-private/nautilus-file-operations.c, function copy_move_directory(). It first creates the destination (if requested), then iterates over the contents and copy the files over, and only after it copy the permissions. Personally, I'm not concerned about this specific security problem, but rather the fact that forcing a copy of the permissions destroy any ACL that might be configured in the destination directory. Is there some maintainer I can design a patch with?
[Bumping version number as per comment 2]
Having your umask set to something you think is insecure for your environment seems unwise. Why don't you just change it? Does not seem like this is a nautilus bug really.
Well, as far as I understand, this issue is concerned about making secured data insecure. It seems reasonable to me to expect nautilus to not render files insecure just by copying them onto a different medium, i.e. a second hard drive to migrate the home folder. I can't reproduce right now due to me lacking an external drive.
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version of Files (nautilus), then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/nautilus/-/issues/ Thank you for your understanding and your help.