derrickchoi / s3fs

Automatically exported from code.google.com/p/s3fs
GNU General Public License v2.0

Check permissions on password file used. #123

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
From Adrian,

A security tip I recommend: when loading a passwd-s3fs file, fail to start if the permissions are too permissive. For local ones it should be 600. I'm not sure what it should be for a global one, but certainly no weaker than 644.

SSH does this and it saves a lot of people from themselves.

Original issue reported on code.google.com by dmoore4...@gmail.com on 10 Nov 2010 at 6:21

GoogleCodeExporter commented 8 years ago
Fixed in r233

If any password file is used, regardless of whether it is specified
on the command line, ~/.passwd-s3fs or /etc/passwd-s3fs, it
is checked for appropriate permissions.

No password file is allowed to have any others permissions.

Only the /etc/passwd-s3fs file is allowed to have any
group permissions; all others are not allowed to have
any group permissions.

Original comment by dmoore4...@gmail.com on 11 Nov 2010 at 5:15
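
The rule described in the fix comment, written out as an added example (this is not the s3fs code from r233). The function and enum names are hypothetical, and rejecting non-regular files and checking with `fstat()` on the opened descriptor are assumptions added here, not something the thread states.

```cpp
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical result codes for this example.
enum class PasswdCheck { Ok, OpenFailed, NotRegularFile, OtherPerms, GroupPerms };

// Rule from the fix comment: no "other" bits on any password file;
// group bits only on the system-wide /etc/passwd-s3fs.
PasswdCheck check_mode(mode_t mode, bool is_global) {
    // Assumption added here: refuse anything that is not a regular file.
    if (!S_ISREG(mode)) return PasswdCheck::NotRegularFile;
    if (mode & S_IRWXO) return PasswdCheck::OtherPerms;
    if (!is_global && (mode & S_IRWXG)) return PasswdCheck::GroupPerms;
    return PasswdCheck::Ok;
}

// Open first, then fstat() the descriptor, so the permissions checked
// belong to the file that will actually be read (no stat/open race).
// On Ok, fd_out is an open read-only descriptor; otherwise it is -1.
PasswdCheck open_passwd_file(const char* path, bool is_global, int& fd_out) {
    fd_out = -1;
    // O_NONBLOCK keeps open() from hanging if the path is a FIFO.
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return PasswdCheck::OpenFailed;
    struct stat st;
    PasswdCheck result = PasswdCheck::OpenFailed;
    if (fstat(fd, &st) == 0) result = check_mode(st.st_mode, is_global);
    if (result != PasswdCheck::Ok) { close(fd); return result; }
    fd_out = fd;
    return result;
}

int main(int argc, char** argv) {
    if (argc != 2) { std::fprintf(stderr, "usage: %s <passwd-file>\n", argv[0]); return 2; }
    int fd = -1;
    bool is_global = std::strcmp(argv[1], "/etc/passwd-s3fs") == 0;
    PasswdCheck r = open_passwd_file(argv[1], is_global, fd);
    if (r != PasswdCheck::Ok) {
        std::fprintf(stderr, "refusing to use %s (check code %d)\n", argv[1], static_cast<int>(r));
        return 1;
    }
    close(fd);
    return 0;
}
```

Under this rule a per-user file at 0600 passes, 0640 passes only for `/etc/passwd-s3fs`, and 0644 fails everywhere.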