fuse-zip ignores missing write permissions on zip files
fuse-zip will happily mount a read-only zip file in read-write mode. After unmount, write permissions and ownership of the file have changed:
myuser@myhost:/tmp$ chown myuser:cdrom a.zip
myuser@myhost:/tmp$ chmod 440 a.zip
myuser@myhost:/tmp$ ls -l a.zip
-r--r----- 1 myuser cdrom 15367 Oct 26 10:14 a.zip
myuser@myhost:/tmp$ mkdir a
myuser@myhost:/tmp$ fuse-zip a.zip a
myuser@myhost:/tmp$ rm a/*/*.pyw
myuser@myhost:/tmp$ fusermount -u a
myuser@myhost:/tmp$ ls -l a.zip
-rw-r--r-- 1 myuser myuser 7450 Oct 26 10:15 a.zip
This is a security hole and a risk of unintended data modification/loss.
from the Ubuntu 18.04 repo
fuse-zip version: 0.4.4
FUSE library version: 2.9.7
fusermount version: 2.9.7
using FUSE kernel interface version 7.19
Comments (5)
-
reporter -
repo owner - marked as major
-
assigned issue to
fuse-zip doesn't write directly into an archive file. Instead, the file system creates a new file with the new archive content and then renames it to the old archive name. So if the file system process has write permissions for the directory containing the archive, it may overwrite the source archive file even if it is write-protected.
What should I do in the following cases:
- fuse-zip is invoked on a read-only file;
- fuse-zip is invoked on a read-write file, but then file is chmod-ed to be read-only;
- fuse-zip is invoked on a read-only file, but then file is chmod-ed to be read-write?
-
reporter - fuse-zip is invoked on a read-only file -> refuse to mount read-write
- fuse-zip is invoked on a read-write file, but then file is chmod-ed to be read-only -> keep current behaviour (permissions are only relevant when opening, here: mounting, the archive)
- fuse-zip is invoked on a read-only file, but then file is chmod-ed to be read-write? -> refuse to mount read-write
Mounting read-write should also be refused if the archive is in a read-only directory (because the create-and-rename approach will not work).
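An added example (not fuse-zip's own code and not part of the original thread) of the two points discussed above: a create-and-rename save replaces a write-protected archive whenever its directory is writable, and the mount-time check proposed in the reply rejects read-write mode in that case. The function names, the `.tmp` suffix and the scratch paths are assumptions made for illustration.

```cpp
// Added example, not fuse-zip source; all names and paths here are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Directory that holds the archive ("." when the path has no slash).
static std::string parent_dir(const std::string &path) {
    std::string::size_type pos = path.find_last_of('/');
    if (pos == std::string::npos) return ".";
    return pos == 0 ? std::string("/") : path.substr(0, pos);
}

// True when a read-write mount must be refused: the archive or the directory
// the replacement file would be created in is not writable by the caller.
// access() tests the real UID/GID, so root passes regardless of mode bits.
bool must_mount_read_only(const std::string &archive) {
    if (access(archive.c_str(), W_OK) != 0) return true;
    return access(parent_dir(archive).c_str(), W_OK) != 0;
}

// Create-and-rename save as described in the thread: write a new file beside
// the archive, then rename it over the old name. Only directory write
// permission is needed, so the old file's mode bits are never consulted.
bool replace_by_rename(const std::string &archive, const std::string &data) {
    std::string tmp = archive + ".tmp";  // assumed temporary name
    int fd = open(tmp.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return false;
    bool ok = write(fd, data.data(), data.size()) == (ssize_t)data.size();
    ok = (close(fd) == 0) && ok;
    if (ok && rename(tmp.c_str(), archive.c_str()) == 0) return true;
    unlink(tmp.c_str());
    return false;
}

int main() {
    char dir[] = "/tmp/fuse-zip-demo-XXXXXX";  // constructed scratch directory
    if (!mkdtemp(dir)) return 1;
    std::string zip = std::string(dir) + "/a.zip";
    replace_by_rename(zip, "original");
    chmod(zip.c_str(), 0440);  // write-protect the archive, as in the report
    std::printf("must mount read-only: %d\n", must_mount_read_only(zip));
    std::printf("rename replaced it anyway: %d\n", replace_by_rename(zip, "changed"));
    unlink(zip.c_str());
    rmdir(dir);
    return 0;
}
```

Run as an unprivileged user, both lines print 1: the check says the mount must be read-only, yet the rename-based save still replaces the file and leaves it with the new file's mode.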
-
repo owner - changed status to resolved
start in read-only mode if file is read-only or parent dir is read-only (fixes #54) → <<cset bd542f818c5e>>
-
repo owner - changed status to closed
fixed in 0.5.0
Read-only archives should be mounted as read-only filesystems.