You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, gh applies the user's umask to the ~/.gitsomeconfig file created by gh configure. Many systems do not have strict user umasks by default. For example, on the Ubuntu 18 system where I tested this the default umask is 022. Consequently ~/.gitsomeconfig has mode 0644, so is world readable. (On the same system, useradd(1) by default creates home directories with mode 0755, ie world accessible).
The ~/.gitsomeconfig configuration file contains the user's GitHub username and access token. The access token has full "repo" ("Full control of private repositories") and "user" ("Update all user data") permissions for GitHub. In this configuration, other local users might be able to steal and use these tokens.
Arguably this is operator error (Don't make your home world accessible! Set a stricter umask!) but the reality is that this sentiment won't make a difference, at least for some users. SSH has some precedent here: it will ignore publicly accessible private key files and won't let them be used.
The pertinent function is in gitsome/config.py, function save_config(), which just clobbers the config file:
This snippet could be wrapped in a couple of umask() calls (temporarily set to 077) as a minimal precaution on creating world-readable configuration files.
The text was updated successfully, but these errors were encountered:
mcarpenter
added a commit
to mcarpenter/gitsome
that referenced
this issue
Jul 9, 2019
By default, gh applies the user's umask to the ~/.gitsomeconfig file created by gh configure. Many systems do not have strict user umasks by default. For example, on the Ubuntu 18 system where I tested this the default umask is 022. Consequently ~/.gitsomeconfig has mode 0644, so is world readable. (On the same system, useradd(1) by default creates home directories with mode 0755, ie world accessible).
The ~/.gitsomeconfig configuration file contains the user's GitHub username and access token. The access token has full "repo" ("Full control of private repositories") and "user" ("Update all user data") permissions for GitHub. In this configuration, other local users might be able to steal and use these tokens.
Arguably this is operator error (Don't make your home world accessible! Set a stricter umask!) but the reality is that this sentiment won't make a difference, at least for some users. SSH has some precedent here: it will ignore publicly accessible private key files and won't let them be used.
The pertinent function is in gitsome/config.py, function save_config(), which just clobbers the config file:
This snippet could be wrapped in a couple of umask() calls (temporarily set to 077) as a minimal precaution on creating world-readable configuration files.
Hi,
This is a low-severity security issue.
By default,
ghapplies the user's umask to the~/.gitsomeconfigfile created bygh configure. Many systems do not have strict user umasks by default. For example, on the Ubuntu 18 system where I tested this the default umask is 022. Consequently~/.gitsomeconfighas mode 0644, so is world readable. (On the same system,useradd(1)by default creates home directories with mode 0755, ie world accessible).The
~/.gitsomeconfigconfiguration file contains the user's GitHub username and access token. The access token has full "repo" ("Full control of private repositories") and "user" ("Update all user data") permissions for GitHub. In this configuration, other local users might be able to steal and use these tokens.Arguably this is operator error (Don't make your home world accessible! Set a stricter umask!) but the reality is that this sentiment won't make a difference, at least for some users. SSH has some precedent here: it will ignore publicly accessible private key files and won't let them be used.
The pertinent function is in gitsome/config.py, function
save_config(), which just clobbers the config file:This snippet could be wrapped in a couple of
umask()calls (temporarily set to 077) as a minimal precaution on creating world-readable configuration files.The text was updated successfully, but these errors were encountered: