Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed Sensitive Data Exposure: Reset umask #1133

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Fixed Sensitive Data Exposure: Reset umask #1133

wants to merge 1 commit into from

Conversation

fazledyn-or
Copy link

Description

While triaging your project, our bug fixing tool generated the following message(s)-

In file: daemon.py, there is a method daemonize that grants permission to the others class which refers to all users except the owner and member of the file's group class. This may lead to undesired access to a confidential file. iCR replaced the loose permission with a stricter permission.

Setting umask to 0 can lead to dangerous situation. For example, executing the program will result in creating two files such as-

import os

print("Before using umask")
with open("before.txt.bad", "w") as f:
	f.write("Hello World")

os.umask(0)
# do things
print("After using umask")

with open("after.txt.bad", "w") as f:
	f.write("Hello World 2")
-rw-rw-rw-  1 ataf ataf   13 Dec 12 15:21 after.txt.bad
-rw-rw-r--  1 ataf ataf   11 Dec 12 15:21 before.txt.bad

Whereas, if we reset the umask to previous value and then execute the program, we get-

import os

print("Before using umask")
with open("before.txt.good", "w") as f:
	f.write("Hello World")

mask = os.umask(0)
# do things with umask here
os.umask(mask)

print("After using umask")
with open("after.txt.good", "w") as f:
	f.write("Hello World 2")
-rw-rw-r--  1 ataf ataf  221 Dec 12 15:18 bad.py
-rw-rw-r--  1 ataf ataf  261 Dec 12 15:18 good.py

Changes

Since the umask is set to 0 for daemonizing a process, after it's done, it can be set to the previous value. As a result, the value of umask won't affect any future execution and won't lead to any data exposure issues.

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.

All contributed commits are already automatically signed off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).
- Git Commit SignOff documentation

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fazledyn-or