Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

borg mount / borgfs security fix (1.1-maint) #4331

Merged
merged 1 commit into from
Feb 10, 2019
Merged

borg mount / borgfs security fix (1.1-maint) #4331

merged 1 commit into from
Feb 10, 2019

Conversation

ThomasWaldmann
Copy link
Member

@ThomasWaldmann ThomasWaldmann commented Feb 7, 2019
edited
Loading

platform testing will be done as part of release process.

@ThomasWaldmann ThomasWaldmann added this to the 1.1.9 milestone Feb 7, 2019
@ThomasWaldmann ThomasWaldmann self-assigned this Feb 7, 2019
@codecov-io
Copy link

codecov-io commented Feb 7, 2019
edited
Loading

Codecov Report

Merging #4331 into 1.1-maint will increase coverage by 0.09%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##           1.1-maint   #4331      +/-   ##
============================================
+ Coverage      84.31%   84.4%   +0.09%     
============================================
  Files             23      23              
  Lines           9421    9421              
  Branches        1607    1607              
============================================
+ Hits            7943    7952       +9     
+ Misses          1030    1023       -7     
+ Partials         448     446       -2
Impacted Files Coverage Δ
src/borg/archiver.py 81.98% <ø> (+0.34%) ⬆️
src/borg/archive.py 82.68% <0%> (+0.15%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b5518b1...1b277cb. Read the comment docs.

@ThomasWaldmann ThomasWaldmann force-pushed the fuse-default-options branch 2 times, most recently from 34d86ee to 3c4bcdb Compare February 8, 2019 23:49
@ThomasWaldmann ThomasWaldmann mentioned this pull request Feb 9, 2019
Closed
@ThomasWaldmann ThomasWaldmann changed the title WIP: borg mount / borgfs security fix (1.1-maint) borg mount / borgfs security fix (1.1-maint) Feb 9, 2019
@ThomasWaldmann
security fix: configure FUSE with "default_permissions", fixes borgba…
1b277cb 
…ckup#3903

"default_permissions" is now enforced by borg by default to let the
kernel check uid/gid/mode based permissions.

"ignore_permissions" can be given to not enforce "default_permissions".

note: man mount.fuse explicitly tells about the security issue:

    default_permissions
	By  default FUSE doesn't check file access permissions, ...
	This option enables permission checking, restricting access
	based on file mode.
	This option is usually useful together with the allow_other
	mount option.

We consider this a pitfall waiting for someone to fall into and this is
why we chose to change the default behaviour for borg.
@ThomasWaldmann ThomasWaldmann merged commit 5b005bc into borgbackup:1.1-maint Feb 10, 2019
@ThomasWaldmann ThomasWaldmann deleted the fuse-default-options branch February 10, 2019 11:51
@ThomasWaldmann
Copy link
Member Author

fix is in 1.1.9 release.

result of platform testing was at first that same fakeroot-caused test failures as on macOS in the past are now also seen on linux (due to the on-by-default permissions check). fixed all platforms by ignoring permissions checking for this test.

@dotlambda dotlambda mentioned this pull request Feb 11, 2019
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ThomasWaldmann ThomasWaldmann

Labels
security
Projects
None yet
Milestone
1.1.9
Development

Successfully merging this pull request may close these issues.
2 participants
@ThomasWaldmann @codecov-io