472865 - umask for emails saved as a file are not respecting system umask

Status: RESOLVED FIXED

(MailNews Core :: Backend, defect)

Description

[Steve McMillen]

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090109 Shiretoko/3.1b3pre
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090108 Shredder/3.0b2pre

Mac OS 10.5 allows for the default UMask for GUI apps to be changed via a property called NSUmask located in .GlobalPreferences.plist (either in /Library/Preferences for all users or in ~/Library/Preferences for a single user - note below tips on how to set this).

When this is set, applications should set the umask accordingly.  Thunderbird 2.0.19 does correctly respect this value.  Shredder/3.0b2pre does not respect this value and continues to use 022 always as its umask.



Reproducible: Always

Steps to Reproduce:
1. Set the umask on Mac OS 10.5 from default (022) to '002' (allow edit by members of same group - I do this when exporting emails in html format to our web site)
1. Open Shredder/3.0b2pre
2. Select a message either in Mail and Newsgroups window or Message Viewer window and "Save As" a new file.  Either set the output format to html or leave as .eml
3. Observe permissions on file.  

Expected: Permissions are rw-rw-r--
Actual: Permissions are rw-r--r--

Actual Results:  
Actual: Permissions are rw-r--r--

Expected Results:  
Expected: Permissions are rw-rw-r--


In contract, open Thunderbird 2.0.0.19
Perform the same actions (i.e. save an email to file)
In this case, the NSUmask setting in mac OS appears to be respected. The permissions come out to rw-rw-r-- as expected.


Tips about setting Umask on Mac OS X:

These two elements must be added to the .GlobalPreferences.plist (either in /Library/Preferences for all users or in ~/Library/Preferences for a single user - note below tips on how to set this).

	<key>NSUmask</key>
	<string>2</string>

Note: There is misleading info in the mac os x hints.  The doc I found that worked for me is this:
http://images.apple.com/server/macosx/docs/Leopard_Security_Config_20080530.pdf

(Apple's newly updated PDF guide titled Mac OS X: Security Configuration For Version 10.5 Leopard does mention the global variable NSUmask)

This recommends the following command line be used to set the pref:
sudo defaults write /Library/Preferences/.GlobalPreferences NSUmask 2

Comment 1

[Magnus Melin [:mkmelin]]

Does firefox respect it, for saving web pages?

Comment 2

[Steve McMillen]

The bug report is about Thunderbird 3.x (Shredder/3.0b2pre).

Shredder/3.0b2pre does not respect the NSUMask for saving Email as HTML (nor does it use the system umask either set in bashrc file).  

2.x versions of Thunderbird do respect this value and write files with the correct permissions.

This is a big problem for me as I often archive email discussions/decisions onto our team web site.

hope this make it more clear.  Sorry.

Comment 3

[Magnus Melin [:mkmelin]]

Yes I know what you mean, but does *firefox* respect it?
It's probably fallout from our file handling code modernization (code that's shared with firefox)

Comment 4

[Steve McMillen]

The latest Shiretoko/3.1b3pre  does seem to be respecting the value set for NSUMask.  I tried saving a web page using Cmd-S and also right clicking a PDF and saving that to disk.  Permissions came out as rw-rw-r-- (as expected for the NSUmask)

Latest Shredder/3.0b2pre is not.  Saving an email still results in permissions of rw-------

Comment 5

[ISHIKAWA, Chiaki]

Is this related to 
Bug 533976  - wrong file permissions when saving or detaching attachment  ?

Comment 7

[Matěj Cepl]

Yes, I can reproduce with Earlybird (Mozilla/5.0 (X11; Linux x86_64; rv:7.0a2) Gecko/20110804 Thunderbird/7.0a2). Switching architecture to All.

Comment 8

[Steve Kelem]

Thunderbird 17.0.2 creates directories with permissions 0775 and files with 0664, even when my umask is 022.

With a umask of 0222, directories should be created with 0755 and files with 0644.

Ubuntu 12.10, x86-64.

Comment 9

[Steve Kelem]

These lax permissions leave directories and files open to tampering by anyone in the same group, and so is a security vulnerability!

Comment 10

[ISHIKAWA, Chiaki]

(In reply to Steve Kelem from comment #8)
> Thunderbird 17.0.2 creates directories with permissions 0775 and files with
> 0664, even when my umask is 022.
> 
> With a umask of 0222, directories should be created with 0755 and files with
> 0644.
> 
> Ubuntu 12.10, x86-64.

0664 seems to come from:
https://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsFileStreams.cpp#822

821 NS_IMETHODIMP
822 nsFileOutputStream::Init(nsIFile* file, int32_t ioFlags, int32_t perm,
823                          int32_t behaviorFlags)
824 {
825     NS_ENSURE_TRUE(mFD == nullptr, NS_ERROR_ALREADY_INITIALIZED);
826     NS_ENSURE_TRUE(!mDeferredOpen, NS_ERROR_ALREADY_INITIALIZED);
827 
828     mBehaviorFlags = behaviorFlags;
829 
830     if (ioFlags == -1)
831         ioFlags = PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE;
832     if (perm <= 0)
833         perm = 0664;
834 
835     return MaybeOpen(file, ioFlags, perm,
836                      mBehaviorFlags & nsIFileOutputStream::DEFER_OPEN);
837 }

But I am not sure if this may have something to do with
https://bugzilla.mozilla.org/attachment.cgi?id=467834&action=edit
Bug 533976 - wrong file permissions when saving or detaching attachment

Comment 11

[Magnus Melin [:mkmelin]]

Attachment: proposed fix

We should use 0666 to let the system umask apply. (See 120679.)

Comment 12

[Magnus Melin [:mkmelin]]

See bug 120679 that is.

Comment 13

[Mark Banner (:standard8)]

Comment on attachment 707225 [details] [diff] [review]
proposed fix

Yeah looks fine.

Comment 14

[Magnus Melin [:mkmelin]]

http://hg.mozilla.org/comm-central/rev/62db600f84f1 -> FIXED