Closed Bug 1434911 Opened 8 years ago Closed 8 years ago

NS_OpenAnonymousTemporaryNsIFile should create files as 0600 instead of 0700

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla60

Tracking Flags:

Tracking

Status

firefox60

---

fixed

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Details

Attachments

(1 file)

Bug 1434911 - when creating temporary files, don't set the executable bit; 8 years ago Alex Gaynor [:Alex_Gaynor] 59 bytes, text/x-review-board-request	froydnj : review+	Details

Alex Gaynor [:Alex_Gaynor]

Assignee

Description

•

8 years ago

Currently files created by NS_OpenAnonymousTemporaryNsIFile have 0700 permissions. None of the consumers I see have any need for the executable bit, so we should drop it and use 0600 instead. There's no particular attack this is preventing, just a general principle of least permission - no reason to create things with more permissions than we need.

Nathan Froyd [:froydnj]

Comment 1

•

8 years ago

Priority: -- → P1

Comment hidden (mozreview-request)

Nathan Froyd [:froydnj]

Comment 3

•

8 years ago

mozreview-review

Comment on attachment 8947461 [details] Bug 1434911 - when creating temporary files, don't set the executable bit; https://reviewboard.mozilla.org/r/217158/#review222962 Do we know whether our download code uses temporary files and if it sets the executable bit correctly when it renames downloaded files? (i.e. This change is not going to break some subtle logic in the download code?) I assume that it does, but I guess I've never checked...

Attachment #8947461 - Flags: review?(nfroyd) → review+

Alex Gaynor [:Alex_Gaynor]

Assignee

Comment 4

•

8 years ago

mozreview-review-reply

Comment on attachment 8947461 [details] Bug 1434911 - when creating temporary files, don't set the executable bit; https://reviewboard.mozilla.org/r/217158/#review222962 A review of all the callers in searchfox doesn't show any that look like they're related to downloading. I also kicked off a try run and won't land until that's green.

Nathan Froyd [:froydnj]

Comment 5

•

8 years ago

mozreview-review-reply

Comment on attachment 8947461 [details] Bug 1434911 - when creating temporary files, don't set the executable bit; https://reviewboard.mozilla.org/r/217158/#review222962 Excellent, thank you!

Alex Gaynor [:Alex_Gaynor]

Assignee

Updated

•

8 years ago

Keywords: checkin-needed

Pulsebot

Comment 6

•

8 years ago

Pushed by ccoroiu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3308206a8cbb when creating temporary files, don't set the executable bit; r=froydnj

Keywords: checkin-needed

Cristina Coroiu [:ccoroiu]

Comment 7

•

8 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/3308206a8cbb

Status: NEW → RESOLVED

Closed: 8 years ago

status-firefox60: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla60

You need to log in before you can comment on or make changes to this bug.

Bugzilla

NS_OpenAnonymousTemporaryNsIFile should create files as 0600 instead of 0700

Categories

(Core :: XPCOM, enhancement, P1)

Tracking

()

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Comment 6

Comment 7

Attachment

General

Description

File Name

Content Type