sops-nix
Permissions of secrets.d generations
I am using the home-manager module.
I've censored some ls commands to illustrate the issue:
› ls /run/user/1000/ -lah
total 0
drwx------ 13 mikilio users 460 Jul 17 02:16 .
drwxr-xr-x 3 root root 60 Jul 17 00:20 ..
lrwxrwxrwx 1 mikilio users 26 Jul 17 02:15 secrets -> /run/user/1000/secrets.d/2
drwxr-x--x 3 mikilio users 60 Jul 17 02:15 secrets.d
› ls /run/user/1000/secrets.d -lah
total 0
drwxr-x--x 3 mikilio users 60 Jul 17 02:15 .
drwx------ 13 mikilio users 460 Jul 17 02:16 ..
drwxr-x--x 2 mikilio users 100 Jul 17 02:15 2
› ls /run/user/1000/secrets.d/2 -lah
total 12K
drwxr-x--x 2 mikilio users 100 Jul 17 02:15 .
drwxr-x--x 3 mikilio users 60 Jul 17 02:15 ..
-r-------- 1 mikilio users 16 Jul 17 02:15 foo
-r-------- 1 mikilio users 16 Jul 17 02:15 bar
-r-------- 1 mikilio users 30 Jul 17 02:15 furries
As you can tell, my directory /run/user/1000/secrets.d/2 is readable by other users. However, I do not necessarily want to let other users know what kind of passwords I store, even if they can't read them. To at least have the option of privacy, I think the easiest fix would be to XOR all permissions of the keys and set it as the permission of the generations directory.
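The proposal above, worked through as an added shell example (this is not sops-nix's own code nor the reporter's configuration): compute the union of the group and other bits of every secret file in a generation directory and use that, plus owner rwx, as the directory's mode, so nobody can list the names of secrets they could not read anyway. It assumes GNU coreutils `stat -c`, and the sample generation it builds under `mktemp -d` is constructed to mirror the listing in the issue.

```sh
#!/bin/sh
# Added example, not sops-nix's own code: derive a generation directory's mode
# from its secret files, so group/other cannot list the directory unless they
# can also read at least one file in it. Assumes GNU coreutils `stat -c`.
set -eu

# Print a path's permission bits as four octal digits, e.g. 0400.
mode4() {
    printf '%04d\n' "$(stat -c '%a' "$1")"
}

# Recommended mode for the directory $1: the owner keeps rwx (it has to
# traverse and replace the generation), group and other get the bitwise OR of
# the corresponding digits of every regular file inside, plus the x bit when
# they have any bit at all, since reading a listing requires traversal.
recommended_dir_mode() {
    g=0; o=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        m=$(mode4 "$f")          # e.g. 0440
        rest=${m#?}              # drop the setuid/setgid/sticky digit -> 440
        go=${rest#?}             # drop the owner digit -> 40
        g=$(( g | ${go%?} ))     # group digit
        o=$(( o | ${go#?} ))     # other digit
    done
    if [ "$g" -ne 0 ]; then g=$(( g | 1 )); fi
    if [ "$o" -ne 0 ]; then o=$(( o | 1 )); fi
    printf '%d%d%d\n' 7 "$g" "$o"
}

# Apply the recommended mode to $1 and print what changed.
tighten_generation() {
    want=$(recommended_dir_mode "$1")
    have=$(stat -c '%a' "$1")
    if [ "$have" != "$want" ]; then
        chmod "$want" "$1"
    fi
    printf '%s: %s -> %s\n' "$1" "$have" "$want"
}

# Constructed sample mirroring the listing in the issue: a generation
# directory at 751 holding three 0400 secrets. Prints the directory path.
make_demo_generation() {
    base=$(mktemp -d)
    mkdir -m 751 "$base/2"
    for name in foo bar baz; do
        printf 'constructed secret\n' > "$base/2/$name"
        chmod 400 "$base/2/$name"
    done
    printf '%s\n' "$base/2"
}

tighten_generation "$(make_demo_generation)"
```

With three 0400 files the generation directory ends up 700; if one secret were shared with a group as 0440, the directory would become 750, which is exactly the "no more than the files allow" behaviour the post asks for.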
Could you run namei -l /run/user/1000/secrets.d/2? For me, /run/user/1000 already has 700 permissions.
It is true that /run/user/1000 has 700 and its files cannot be accessed directly!
The vulnerability comes from something I was in control of myself. Basically, because of #287 I have set the paths to a directory somewhere in my home directory, and that was one that had loose permissions. Any user could see which keys I have, because the symlinks have the same name as the actual file.
Now the symlinks weren't created by myself but by the newly introduced option in sops-nix, so I don't know if there should be a check for this kind of insecurity, or if secret files should be hashed, or if this should be blamed on the user.
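The check that would have caught the situation in the reply above, as an added shell example that is not sops-nix's own code: it walks from the secrets directory up to the user's private root and fails on the first ancestor that grants group or other any permission bit, which is the same information namei -l shows, reduced to a pass/fail a module could run before creating symlinks. It assumes GNU coreutils `stat -c` and `dirname`; the tree it builds under `mktemp -d` is constructed to mirror the issue (a 700 secrets directory under a 755 directory in $HOME).

```sh
#!/bin/sh
# Added example, not sops-nix's own code: the ancestor check that would have
# caught the situation described above. A 700 secrets directory still leaks
# its name (and the names of the symlinks placed in a loose directory) when
# any directory between it and the user's private root grants group or other
# a permission bit. Assumes GNU coreutils `stat -c` and `dirname`.
set -eu

# Print the three permission digits of a path, e.g. 755 (special bits dropped).
mode3() {
    m=$(printf '%04d' "$(stat -c '%a' "$1")")
    printf '%s\n' "${m#?}"
}

# Climb from directory $1 up to, but not including, $2 (default /) and fail on
# the first directory whose group or other digit is non-zero. This is the
# conservative reading of `namei -l`: r on a directory leaks names, x lets
# other users probe names they can guess, so neither is acceptable.
check_private_path() {
    p=$1
    stop=${2:-/}
    while [ "$p" != "$stop" ] && [ "$p" != / ]; do
        m=$(mode3 "$p")
        if [ "${m#?}" != 00 ]; then
            printf 'exposed: %s (mode %s)\n' "$p" "$m"
            return 1
        fi
        p=$(dirname "$p")
    done
    return 0
}

# Constructed sample: a tight secrets directory below a loose one, mirroring
# the issue. The base comes from mktemp -d and is therefore 700. Prints base.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -m 755 "$base/dotfiles"          # the loose directory in $HOME
    mkdir -m 700 "$base/dotfiles/secrets"  # tight, yet its name is visible
    printf '%s\n' "$base"
}

demo() {
    base=$(make_demo_tree)
    target=$base/dotfiles/secrets
    if check_private_path "$target" "$base"; then
        echo "private: $target"
    fi
    chmod 700 "$base/dotfiles"             # the fix: close the parent
    if check_private_path "$target" "$base"; then
        echo "private: $target"
    fi
}

demo
```

The second argument is the trust boundary: on a real system you would pass the parent of $HOME (or /run/user) so that world-searchable system directories like / and /home are not reported, and everything below it must be closed to group and other.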