- Type: Improvement
- Resolution: Won't Fix
- Priority: Major - P3
- None
- Affects Version/s: 3.3.12
- Component/s: Shell
- Platforms 2016-09-19, Platforms 2016-10-10, Platforms 2016-10-31
SERVER-25335 means that the shell will no longer create the .dbshell history file with overly broad permissions (readable/writable by group or other). However, this doesn't help users who already have a history file with overly broad permissions, and who are not aware of this problem.
The shell cannot explicitly chmod the history file, because that would potentially override the user's intentions in some cases (e.g. a history file that is deliberately readable by other members of an admin Unix group).
Thus the shell should output a single-line warning to the user if the permissions on the history file permit other users to read or write it. This is similar to how OpenSSH handles overly broad permissions on private key files (except that it will outright refuse to run, since broad permissions on private key material are never reasonable).
Note that this will require checking not just the permissions on the history file, but also on the home directory (and all ancestor directories). For example, a mode 0644 .dbshell file in a mode 0700 home directory should not issue the warning. Specifically, the warning requires:
- the owner of the history file does not match the effective uid of the running shell, OR
- the history file's mode has bits set under the mask 0077 (readable, writable or executable by group or other), AND
- every ancestor directory with the same owner as the history file has bits set under the mask 0011 (searchable by group or other), AND
- every ancestor directory with a different owner has bits set under the mask 0111 (searchable by its owner, group or other).
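The rule above, written out in Python as an added example (this is not code from the ticket or from the mongo shell itself). The pure `needs_warning` function takes already-collected owner/mode pairs so the logic can be checked without touching a filesystem; `history_file_warning` wraps it with a real `os.stat` walk from the file's directory up to `/`. The walk order, the `Entry` type and the warning text are my own assumptions, as is the use of `os.geteuid`, which limits the wrapper to POSIX systems.

```python
import os
import stat
from typing import Iterable, Iterator, NamedTuple, Optional


class Entry(NamedTuple):
    """Owner uid and permission bits (stat.S_IMODE) of one path component."""
    owner: int
    mode: int


FILE_MASK = 0o077             # group/other rwx bits on the history file itself
SAME_OWNER_DIR_MASK = 0o011   # group/other search bits on a directory we own
OTHER_OWNER_DIR_MASK = 0o111  # any search bit on a directory owned by someone else


def needs_warning(history: Entry, ancestors: Iterable[Entry], euid: int) -> bool:
    """Pure form of the ticket's rule, applied to already-collected stat data.

    `ancestors` runs from the history file's own directory up to the root.
    """
    # Condition 1: the file is owned by someone other than the effective user.
    if history.owner != euid:
        return True
    # Condition 2: no group/other bits on the file itself -> nothing to warn about.
    if history.mode & FILE_MASK == 0:
        return False
    # Conditions 3 and 4: every ancestor must be searchable by a non-owner;
    # a single blocking directory (e.g. a 0700 home) makes the file unreachable.
    for d in ancestors:
        mask = SAME_OWNER_DIR_MASK if d.owner == history.owner else OTHER_OWNER_DIR_MASK
        if d.mode & mask == 0:
            return False
    return True


def ancestors_of(path: str) -> Iterator[str]:
    """Yield the directory containing `path`, then each parent up to '/'."""
    d = os.path.dirname(os.path.abspath(path))
    while True:
        yield d
        parent = os.path.dirname(d)
        if parent == d:  # reached the filesystem root
            return
        d = parent


def entry_for(path: str) -> Entry:
    """Collect owner uid and permission bits for one path (assumed helper)."""
    st = os.stat(path)
    return Entry(st.st_uid, stat.S_IMODE(st.st_mode))


def history_file_warning(path: str) -> Optional[str]:
    """Return the single-line warning for `path`, or None if its permissions are fine."""
    if not os.path.exists(path):
        return None
    history = entry_for(path)
    ancestors = (entry_for(d) for d in ancestors_of(path))
    if not needs_warning(history, ancestors, os.geteuid()):
        return None
    # Wording of the warning is an assumption; the ticket only asks for one line.
    return (f"Warning: {path} is accessible to other users "
            f"(mode {history.mode:04o}); consider running chmod 600 on it")


if __name__ == "__main__":
    msg = history_file_warning(os.path.expanduser("~/.dbshell"))
    if msg:
        print(msg)
```

Running the module checks the real `~/.dbshell`; the pure function is what makes the 0644-in-0700 case from the ticket easy to confirm, since the home directory's missing group/other search bits stop the walk and suppress the warning.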
- related to SERVER-25335: 0002 umask yields world-readable .dbshell history file (Closed)