
[6.2.x] Fix minor temporary directory security issue #8517

Merged
merged 4 commits into from Apr 3, 2021

Commits on Apr 3, 2021

  1. 02fdbe2
  2. pathlib: inline ensure_reset_dir()

    This is only used in TempPathFactory.getbasetemp(). We'll be wanting
    further control/care there, so move it into there.
    bluetech committed Apr 3, 2021 (93dbae2)
  3. tmpdir: fix temporary directories created with world-readable permissions
    
    (Written for a Unix system, but might be applicable to Windows as well).
    
    pytest creates a root temporary directory under /tmp, named
    `pytest-of-<username>`, and creates tmp_paths and others under it.
    /tmp is shared between all users of the system.
    
    This root temporary directory was created with 0o777&~umask permissions,
    which usually becomes 0o755, meaning any user in the system could list
    and read the files, which is undesirable.
    
    Use 0o700 permissions instead. Also for subdirectories, because the root
    dir is adjustable.
    bluetech committed Apr 3, 2021 (9dc54f7)
  4. tmpdir: prevent using a non-private root temp directory

    pytest uses a root temp directory named `/tmp/pytest-of-<username>`. The
    name is predictable, and the directory might already exist from a
    previous run, so that's allowed.
    
    This makes it possible for my_user to pre-create
    `/tmp/pytest-of-another_user`, thus giving my_user control of
    another_user's tempdir.
    
    Prevent this scenario by adding a couple of safety checks. I believe
    they are sufficient.
    
    Testing the first check requires changing the owner, which requires
    root permissions, so can't be unit-tested easily, but I checked it
    manually.
    bluetech committed Apr 3, 2021 (822686e)
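As an added illustration, not pytest's own code and not necessarily the exact checks the last commit refers to, here is a Python sketch of the idea from the two tmpdir commits on a POSIX system: the per-user root is created with mode 0o700, and a pre-existing directory at that path is refused unless it is a real directory (not a symlink) owned by the current user with no group/other permission bits. The `demo()` scenario and the `pytest-of-me` / `pytest-of-victim` names are constructed for the example.

```python
import os
import stat
import tempfile
from pathlib import Path


def private_root_problems(root: Path) -> list:
    """Reasons why `root` must not be trusted as a private temp root
    (an empty list means every check passed). Assumed checks, not pytest's."""
    st = os.lstat(root)  # lstat: never follow a symlink planted at this path
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory (symlink?)")
    if st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, not {os.getuid()}")
    if st.st_mode & 0o077:
        problems.append(f"group/other bits set: {oct(stat.S_IMODE(st.st_mode))}")
    return problems


def ensure_private_root(base: Path, name: str) -> Path:
    """Create base/name with mode 0o700, or reuse it only if it passes the checks."""
    root = base / name
    root.mkdir(mode=0o700, exist_ok=True)  # umask can only narrow 0o700, never widen it
    problems = private_root_problems(root)
    if problems:
        raise RuntimeError(f"refusing to use {root}: " + "; ".join(problems))
    return root


def demo() -> dict:
    """Constructed scenario under a throwaway base directory: a fresh root is
    accepted; a root pre-created world-readable (as another user could do in
    a shared /tmp) is refused. Ownership cannot be changed without root, so
    only the permission and symlink checks are exercised here."""
    base = Path(tempfile.mkdtemp())
    fresh = ensure_private_root(base, "pytest-of-me")
    planted = base / "pytest-of-victim"
    planted.mkdir()
    os.chmod(planted, 0o755)  # explicit chmod so the umask does not narrow it
    try:
        ensure_private_root(base, "pytest-of-victim")
        refused = False
    except RuntimeError:
        refused = True
    return {"fresh_mode": stat.S_IMODE(fresh.lstat().st_mode),
            "planted_refused": refused}
```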