Task #7484

Files in tarball are world read and writable

Added by Jesús García Crespo over 7 years ago. Updated about 7 years ago.

Status: Verified
Start date: 11/06/2014
Priority: High
Due date:
Assignee: Jesús García Crespo
% Done: 0%
Category: Security
Estimated time: 2.00 hours
Target version: Release 2.2.0
Google Code Legacy ID:
Tested version:
Sponsored: No
Requires documentation: No

Description

From the user forum:

When I unpacked the installation tarball, a number of files and directories were world read and writable, notably in the config dir, which contains credentials. The default permissions should be adjusted, and users should be guided through steps on how to establish basic security, beyond ensuring that the Firewall is properly configured.

See: https://groups.google.com/forum/#!msg/ica-atom-users/4R8HseUzRlU/vfwW6-we_TIJ

History

#1 Updated by David Juhasz about 7 years ago

  • Tracker changed from Bug to Task
  • Estimated time set to 2.00

#2 Updated by Jesús García Crespo about 7 years ago

I can't find a quick fix for this; the problem seems to be in "pear package", which modifies the permissions before the files are archived in the tarball.

One solution could be to add a note in Filesystem permissions recommending restricting access to the directory in shared environments. Basically, we could add "sudo chmod 700 /usr/share/nginx/atom". In server environments where the administrator doesn't create local accounts for other users this is not really a problem.

#3 Updated by Jesús García Crespo about 7 years ago

  • Status changed from New to Document

We're going to add some notes in the installation instructions.

#4 Updated by Jesús García Crespo about 7 years ago

  • Status changed from Document to Verified
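
Added example, not part of the original ticket or the project's own code: a check that reads the mode bits stored in a release tarball and reports members that are world-writable, or world-readable under a sensitive directory, before the archive is published or unpacked. The archive contents, file names and the "atom/config/" prefix are constructed for illustration.

```python
import io
import stat
import tarfile


def audit_tar_modes(fileobj, sensitive_prefixes=()):
    """Return (name, octal mode, issues) for members open to 'other' users."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.issym() or member.islnk():
                continue  # permission bits on links are not meaningful
            issues = []
            if member.mode & stat.S_IWOTH:
                issues.append("world-writable")
            sensitive = any(member.name.startswith(p) for p in sensitive_prefixes)
            if sensitive and member.mode & stat.S_IROTH:
                issues.append("world-readable sensitive path")
            if issues:
                mode = format(member.mode & 0o7777, "04o")
                findings.append((member.name, mode, issues))
    return findings


def build_sample_tarball():
    """Constructed sample archive; names and modes are illustrative only."""
    entries = [
        ("atom/index.php", 0o644, b"<?php\n"),
        ("atom/config/config.php", 0o666, b"<?php // credentials\n"),
        ("atom/config/settings.yml", 0o640, b"all:\n"),
        ("atom/cache", 0o777, None),  # None marks a directory entry
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, data in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_tarball()
    for name, mode, issues in audit_tar_modes(sample, ("atom/config/",)):
        print(f"{mode} {name}: {', '.join(issues)}")
```

Run against the real release tarball in a packaging step, a non-empty result can fail the build, which catches permission changes introduced by the packaging tool before users unpack them.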
