-
Notifications
You must be signed in to change notification settings - Fork 438
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
~/.gitsomeconfig world readable #165
Comments
|
Hi,
This is a low-severity security issue.
By default,
gh
applies the user's umask to the~/.gitsomeconfig
file created bygh configure
. Many systems do not have strict user umasks by default. For example, on the Ubuntu 18 system where I tested this the default umask is 022. Consequently~/.gitsomeconfig
has mode 0644, so is world readable. (On the same system,useradd(1)
by default creates home directories with mode 0755, ie world accessible).The
~/.gitsomeconfig
configuration file contains the user's GitHub username and access token. The access token has full "repo" ("Full control of private repositories") and "user" ("Update all user data") permissions for GitHub. In this configuration, other local users might be able to steal and use these tokens.Arguably this is operator error (Don't make your home world accessible! Set a stricter umask!) but the reality is that this sentiment won't make a difference, at least for some users. SSH has some precedent here: it will ignore publicly accessible private key files and won't let them be used.
The pertinent function is in gitsome/config.py, function
save_config()
, which just clobbers the config file:This snippet could be wrapped in a couple of
umask()
calls (temporarily set to 077) as a minimal precaution on creating world-readable configuration files.The text was updated successfully, but these errors were encountered: