Bug#805638: dbconfig-common: Insecure permissions for backup directory

Sat, 21 Nov 2015 05:09:37 -0800 

Control: tags -1 patch

On Sat, Nov 21, 2015 at 08:52:29AM +0100, Paul Gevers wrote:
> On 20-11-15 15:07, Simon Ruderich wrote:
>> dbconfig-common creates a backup of the database on update and
>> stores it in /var/cache/dbconfig-common/backups/. However the
>> permissions are readable for all users which might expose
>> sensitive data to all local users.
>
> Could you please provide more info, like which package you worked with
> and which database type? The dbconfig-common package has mysql upgrade
> examples and they work correctly:

Hello Paul,

I just checked the source and found the problem. The backup file
is touched before setting the umask, thus creating it with the
insecure permissions. Attached is a patch against the version in
Jessie (and another for sid).

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

--- /usr/share/dbconfig-common/internal/pgsql.orig	2014-11-02 21:54:07.000000000 +0100
+++ /usr/share/dbconfig-common/internal/pgsql	2015-11-21 13:49:04.863637686 +0100
@@ -174,14 +174,14 @@
 	local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
 	dumpfile=$1
 	localuser=`_dbc_psql_local_username`
-	touch $dumpfile
-	chown $localuser $dumpfile
 	PGSSLMODE="prefer"
 	retval=0
 	_dbc_psql_cmd_setup
 	if [ "$dbc_ssl" ]; then PGSSLMODE="require"; fi
 	old_umask=`umask`
 	umask 0066
+	touch $dumpfile
+	chown $localuser $dumpfile
 	extra=`_dbc_psql_cmd_args`
 	extra="-f \"$dumpfile\" $extra"
 	_dbc_debug "su -s /bin/sh $localuser -c \"env HOME='$_dbc_pgsql_tmpdir' PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass' PGSSLMODE='$PGSSLMODE' pg_dump $extra $dbc_dbname\" 2>&1"

--- internal/pgsql.orig	2015-11-21 13:53:12.044106639 +0100
+++ internal/pgsql	2015-11-21 13:53:50.944337903 +0100
@@ -181,14 +181,14 @@
     local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
     dumpfile=$1
     localuser=`_dbc_psql_local_username`
-    touch $dumpfile
-    chown $localuser $dumpfile
     PGSSLMODE="prefer"
     retval=0
     _dbc_psql_cmd_setup
     if [ "${dbc_ssl:-}" ]; then PGSSLMODE="require"; fi
     old_umask=`umask`
     umask 0066
+    touch $dumpfile
+    chown $localuser $dumpfile
     extra=`_dbc_psql_cmd_args`
     extra="-f \"$dumpfile\" $extra"
     _dbc_debug "su -s /bin/sh $localuser -c \"env HOME='$_dbc_pgsql_tmpdir' PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass' PGSSLMODE='$PGSSLMODE' pg_dump $extra $dbc_dbname\" 2>&1"

Attachment: signature.asc
Description: PGP signature

Reply via email to