Bug#1007240: gnome-boxes: disk image is world-readable by default

[Ansgar]

Package: gnome-boxes
Version: 42~beta-1
Severity: important
Tags: security

I created a VM using gnome-boxes. The disk image created seems to be
world-readable (and executable):

+---
> ls -ld .local{,/share{,/gnome-boxes{,/images{,/debian11-uni}}}}
> drwx------  3 ansgar ansgar       4096 Mar  7 13:50 .local
> drwxr-xr-x 48 ansgar ansgar       4096 Mar  7 13:38 .local/share
> drwxr-xr-x  3 ansgar ansgar       4096 Mar  7 13:37 .local/share/gnome-boxes
> drwxr--r--  2 ansgar ansgar       4096 Mar  7 13:39 
> .local/share/gnome-boxes/images
> -rwxr--r--  1 ansgar ansgar 1580728320 Mar  7 13:50 
> .local/share/gnome-boxes/images/debian11-uni
+---

I'm not sure one can rely on the permissions of ~/.local.

As the disk image may contain private information, I believe the
permissions should be more restrictive, that is, only read/write
access for the user and none for group and others.

Ansgar

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable'), 
(500, 'oldstable'), (300, 'buildd-unstable'), (300, 'unstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-boxes depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-3
ii  genisoimage                                  9:1.1.11-3.2
ii  libarchive13                                 3.5.2-1
ii  libc6                                        2.33-7
ii  libcairo2                                    1.16.0-5
ii  libgdk-pixbuf-2.0-0                          2.42.6+dfsg-2
ii  libglib2.0-0                                 2.70.4-1
ii  libgtk-3-0                                   3.24.31-1
ii  libgtk-vnc-2.0-0                             1.0.0-1+b1
ii  libgudev-1.0-0                               237-2
ii  libgvnc-1.0-0                                1.0.0-1+b1
ii  libhandy-1-0                                 1.5.90-1
ii  libosinfo-1.0-0                              1.8.0-1
ii  libosinfo-bin                                1.8.0-1
ii  libsecret-1-0                                0.20.5-2
ii  libsoup2.4-1                                 2.74.2-3
ii  libspice-client-glib-2.0-8                   0.39-3
ii  libspice-client-gtk-3.0-5                    0.39-3
ii  libtracker-sparql-3.0-0                      3.1.2-4
ii  libusb-1.0-0                                 2:1.0.25-1
ii  libvirt-daemon                               8.0.0-1
ii  libvirt-glib-1.0-0                           4.0.0-2
ii  libwebkit2gtk-4.0-37                         2.34.6-1~deb11u1
ii  libxml2                                      2.9.13+dfsg-1
ii  tracker                                      3.1.2-4

Versions of packages gnome-boxes recommends:
ii  qemu-system-x86  1:6.2+dfsg-2

Versions of packages gnome-boxes suggests:
pn  gnome-connections  <none>

-- no debconf information