Merge lp://staging/~joke/bzr/file_permissions_authentication.conf into lp://staging/bzr

Proposed by John A Meinel
Status: Work in progress
Proposed branch: lp://staging/~joke/bzr/file_permissions_authentication.conf
Merge into: lp://staging/bzr
Diff against target: 52 lines (+19/-0) (has conflicts)
1 file modified
bzrlib/config.py (+19/-0)
Text conflict in bzrlib/config.py
To merge this branch: bzr merge lp://staging/~joke/bzr/file_permissions_authentication.conf
Reviewer Review Type Date Requested Status
Vincent Ladeuil Needs Information
Review via email: mp+58666@code.staging.launchpad.net

Commit message

Bug #475501, create authentication.conf with mode 0600

Description of the change

We currently don't do much fancy with authentication.conf permissions. Joke de Buhr reasonably pointed out that we could create the file as 600 and avoid defaulting to having your passwords accessible by other users on the system.

I haven't looked over the patch at all, just trying to get it out of the In Progress queue and get a decision on it.

To post a comment you must log in.
Revision history for this message
Jelmer Vernooij (jelmer) wrote :

I wonder how this will do on Windows? It seems to rely on Unix modes, and it would be nice to add some tests.

Revision history for this message
John A Meinel (jameinel) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/3/2011 1:45 AM, Jelmer Vernooij wrote:
> I wonder how this will do on Windows? It seems to rely on Unix modes, and it would be nice to add some tests.

The attributes are all available on Windows. Probably the big concern is
that it is a bit hard to set the modes reliably, and then the warning
will occur repeatedly.

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2/8IgACgkQJdeBCYSNAAONQwCfYs+M6SRAQ23cjkMe51+7EMTD
wRsAn0rJ1SE+hDQMK7XlKWmGkfc6MhSk
=vrH1
-----END PGP SIGNATURE-----

Revision history for this message
Vincent Ladeuil (vila) wrote :

The approach I've seen used in other contexts for such sensible informations seems to be:
- create the file with user-only persmissions,
- refuse to use it if others (even group) can read it

That's not exactly the approach taken here.

Now, I think windows doesn't provide this (user-only access) easily so we may just don't check there.

So what do others think ? Should we:

- create with 0600,
- warn if group or other have read access (not on windows)

or

- create with 0600
- refuse to use the file if group or other have read access (not on windows)

Something else ?

I'm fine with finishing this proposal if we reach a consensus, in the mean time, I'll mark this as wip.

review: Needs Information
Revision history for this message
Vincent Ladeuil (vila) wrote :

I forgot:

27 + if not GlobalConfig().get_user_option_as_bool(
28 + 'no_insecure_permissions_warning') :

We have a suppress_warnings config option that should be used here instead of introducing a new one (it's a list of warning names that should not be displayed, see bzrlib.config.Config.suppress_warning.

Unmerged revisions

4791. By Joke de Buhr

Don't emit warning message if the option 'no_insecure_permissions_warning'
is set to 'True' in bazaar.conf [DEFAULT]

4790. By Joke de Buhr

Emit warning message if an authentication.conf file hase insecure file permissions.

4789. By Joke de Buhr

create authentication.conf with umask 166 (permissions: u=rw,go=)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.