Control: fixed -1 1.4.8+dfsg-1
Control: tag -1 patch

Greetings,
This critical issue is affecting Stable. Permissions at compression time are inherited from umask, this may be too relaxed when handling sensitive files. Fortunately, this seems to have been fixed upstream around version 1.4.1. Debian Sid is not affected anymore as far as I can see. I identified the few commits[1,2,3,4] from Mike Swanson and Yann Collet which solved the issue.

[1] https://github.com/facebook/zstd/commit/3968160a916a759c3d3418da533e1b4f8b795343
[2] https://github.com/facebook/zstd/commit/af80f6dfacafcc2c916ecd57731107221e1f9986
[3] https://github.com/facebook/zstd/commit/8b6d96827c24dd09109830272f413254833317d9
[4] https://github.com/facebook/zstd/commit/7aaac3f69c1e0102099c192639017e660e88b4bf

After some folding, I obtained the following patch, with which I could derive a fixed version of zstd 1.3.8 for Buster:

-------8<--------------8<--------------8<--------------8<-------
--- libzstd.orig/programs/fileio.c +++ libzstd/programs/fileio.c @@ -482,8 +482,14 @@ } } { FILE* const f = fopen( dstFileName, "wb" ); - if (f == NULL) + if (f == NULL) { DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno)); + } else if (srcFileName != NULL + && strcmp (srcFileName, stdinmark) + && strcmp(dstFileName, nulmark) ) { + /* reduce rights on newly created dst file while compression is ongoing */ + chmod(dstFileName, 00600); + } return f; } }
-------8<--------------8<--------------8<--------------8<-------

Side note to Debian Med, I know the package is transitioning to pkg-rpm team, and I am not super comfortable yet preparing an upload to Stable[5], so I'm just providing a proposal of patch as a starter.

[5] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Kind Regards,
--
Étienne Mollier <etienne.moll...@mailoo.org>
Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
Sent from /dev/pts/2, please excuse my verbosity.
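Review bot: the `chmod(dstFileName, 00600)` placed after `fopen( dstFileName, "wb" )` still leaves a window between file creation (mode 0666 masked by umask) and the chmod during which the destination carries the umask-derived permissions, which is exactly the exposure the patch sets out to remove; creating the file with `open(dstFileName, O_WRONLY|O_CREAT|O_TRUNC, 0600)` followed by `fdopen()` closes that window, and if the `fopen` call is to be kept, `fchmod(fileno(f), 0600)` at least acts on the descriptor actually opened rather than re-resolving the path. The return value of `chmod` is also discarded, so a failure to tighten permissions goes unreported; emitting a `DISPLAYLEVEL(1, ...)` warning on that path would be consistent with the error handling two lines above.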