Skip to content

Conversation

@Flowdalic
Copy link

Starting with e5dc1a8 ("Set umask before operations that create
local files") Nextcloud would create local files and directories with
their permission set to world readable. While you can protect access
to nextcloud's data/ directory by -x'ing it, when it comes to
permissions and security, a defensive approach is always
preferable. Hence this changes the used umask from 022 to 027.

This partly addresses #29041.

@szaimen szaimen added the 3. to review Waiting for reviews label Oct 26, 2021
@szaimen szaimen requested review from a team, CarlSchwan, come-nc and icewind1991 and removed request for a team October 26, 2021 15:11
@szaimen szaimen added this to the Nextcloud 24 milestone Oct 27, 2021
Starting with e5dc1a8 ("Set umask before operations that create
local files") Nextcloud would create local files and directories with
their permission set to world readable. While you can protect access
to nextcloud's data/ directory by -x'ing it, when it comes to
permissions and security, a defensive approach is always
preferable. Hence this changes the used umask from 022 to 027.

This partly addresses nextcloud#29041.

Signed-off-by: Florian Schmaus <flo@geekplace.eu>
@Flowdalic
Copy link
Author

Rebased on the latest master and added DCO. Please approve the workflows. Thanks.

@skjnldsv skjnldsv mentioned this pull request Mar 24, 2022
@blizzz blizzz mentioned this pull request Mar 31, 2022
This was referenced Apr 7, 2022
@blizzz blizzz modified the milestones: Nextcloud 24, Nextcloud 25 Apr 21, 2022
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My preference would really go toward leaving umask alone, or at least make it an option.

@szaimen
Copy link
Contributor

szaimen commented May 5, 2022

@come-nc Something like #31293 ?

@come-nc
Copy link
Contributor

come-nc commented May 6, 2022

@come-nc Something like #31293 ?

Yes exactly, I forgot we had already a PR for this. @icewind1991 Could you review it?

@szaimen
Copy link
Contributor

szaimen commented Jun 10, 2022

obsoleted by #32723

@szaimen szaimen closed this Jun 10, 2022
@szaimen szaimen removed this from the Nextcloud 25 milestone Jun 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review Waiting for reviews

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants