After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 458397 - file permissions are incorrect during file copy
file permissions are incorrect during file copy
Status: RESOLVED OBSOLETE
Product: nautilus
Classification: Core
Component: File and Folder Operations
2.30.x
Other All
: Normal major
: ---
Assigned To: Nautilus Maintainers
Nautilus Maintainers
Depends on:
Blocks:
 
 
Reported: 2007-07-19 19:44 UTC by Roberto Zunino
Modified: 2021-06-18 15:15 UTC
See Also:
GNOME target: ---
GNOME version: 2.29/2.30


Description Roberto Zunino 2007-07-19 19:44:12 UTC 
Please describe the problem:
When copying files, files are created with the default umask permissions instead of using the permissions of the file being copied. Permissions are then "fixed" after the copy has been completed. This however leaves a window of vulnerability.

Real world example: I just copyed my old home (perms=700) to a new disk. This took quite a long time, during which my home had permissions 775.

Steps to reproduce:
1. Create a folder and put some large files inside
2. chmod 700 folder
3. Nautilus-copy it somewhere else


Actual results:
while copying, ls -d folder_copy shows 775 perms, and other users can go in and read inside the folders

Expected results:
folder_copy should be created with 700 perms

Does this happen every time?
yes

Other information:
The Right Thing would be to pass the correct permissions to open()/mkdir() etc.

Failing that, a good enough easier fix would be to set umask to 700&old_umask for the copying stuff.
Comment 1 Alexander Konovalenko 2008-03-31 16:21:48 UTC 
The same thing happens when copying a single file with the permissions set to 600.
Comment 2 Marcus Carlson 2010-07-06 21:13:26 UTC 
Seems to still be a valid problem in nautilus 2.30 (with gio/gvfs). But is this a nautilus or gvfs problem?
Comment 3 Giovanni Bajo 2010-10-28 20:56:32 UTC 
It is a Nautilus problem. Please have a look at libnautilus-private/nautilus-file-operations.c, function copy_move_directory(). It first creates the destination (if requested), then iterates over the contents and copy the files over, and only after it copy the permissions.

Personally, I'm not concerned about this specific security problem, but rather the fact that forcing a copy of the permissions destroy any ACL that might be configured in the destination directory.

Is there some maintainer I can design a patch with?
Comment 4 André Klapper 2011-08-11 12:43:09 UTC 
[Bumping version number as per comment 2]
Comment 5 William Jon McCann 2012-08-25 17:43:02 UTC 
Having your umask set to something you think is insecure for your environment seems unwise. Why don't you just change it? Does not seem like this is a nautilus bug really.
Comment 6 Tobias Mueller 2012-12-29 22:17:20 UTC 
Well, as far as I understand, this issue is concerned about making secured data insecure. It seems reasonable to me to expect nautilus to not render files insecure just by copying them onto a different medium, i.e. a second hard drive to migrate the home folder.

I can't reproduce right now due to me lacking an external drive.
Comment 7 André Klapper 2021-06-18 15:15:50 UTC 
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version of Files (nautilus), then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/nautilus/-/issues/

Thank you for your understanding and your help.