Description

When MoinMoin generates a file (for example a user config file, a trail file, etc.), it typically first creates the file, then sets the file permissions later. This means that files could have too relaxed file permissions in the (very very short) time in between, which is a potential (although very minor) security risk.

Example code from User.setBookmark:

The file is created first, and the permissions are only set later. Similar code occurs in many places (grep for chmod).

I am also not sure about the silent try/except. I think a problem with the chmod should at least be logged somehow, except of course on platforms where os.chmod is not available.

Steps to reproduce

Exploiting this relies on race conditions and should be very very difficult to do. One way to showcase the problem might be:

  1. Add a delay (time.sleep) after closing the file in the code above to artificially generate some time for other processes to interfere.

  2. Set the Wiki umask to a setting like 0744.

  3. Log in as some user and set the recent changes bookmark to run the code above.
  4. During the delay, log in to the machine running the wiki as some user.
  5. cat filename, where filename is the name of the bookmark file. (Normally, one would not know this, but that does not solve other instances of this problem and relies on "security by obscurity", which is bad.)

Details

This wiki.

Workaround

Make sure that the wiki directory has the executable flag cleared for other users.

Discussion

This is a very minor issue because for the default umask of 0770, the main wiki directory will be completely inaccessible for other anyway, and group will be able to read and write everything anyway. The problem only exists if for some reason you want a umask like 0710. Also, web servers are mostly configured with very restrictive environment umasks. Still, I think it is desirable to be very conservative with file permissions.

Possible ideas for fixing the umask problem:

-- MalteHelmert 2005-02-11 20:15:16

Plan


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/FilePermissionsSetTooLate (last edited 2007-10-29 19:13:02 by localhost)