DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=Sz8+ty/Ibfd0LCmiHLrDqtppiWIjg/6W/hO+YA1L8wY+iFMukOpQ7
	+BU5e+fFfkQD+5m8ew4Gb8LifATP19FhhdC7aBDZySrwBobNzz6FzE1Di8TkXS1d
	804BXvNbAQmHL5DyJmPvJR8Qfh9HVMiPSWJMJqWIRD+PL2YBApfWLw=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Date: Mon, 17 Nov 2014 10:26:00 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: rebase db perms seem too restrictive
Message-ID: <20141117092600.GB3151@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5469682A DOT 6090501 AT shaddybaddah DOT name>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh"
Content-Disposition: inline
In-Reply-To: <5469682A.6090501@shaddybaddah.name>
User-Agent: Mutt/1.5.23 (2014-03-12)

--0ntfKIWw70PvrIHh
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov 17 14:14, Shaddy Baddah wrote:
> Hi,
>=20
> I expect that there wasn't any explicit reasoning behind this, but
> rebase creates a db with permissions that are too restrictive. To me
> anyway, as I cannot see any danger in the db being readable by all.
>=20
> This snippet describes it:
>=20
> <snip>
> $ whoami
> sbaddah
> $ od -c /etc/rebase.db.x86_64
> od: /etc/rebase.db.x86_64: Permission denied
> $ ls -l /etc/rebase.db.x86_64
> -rw-rw---- 1 portapps None 86020 Nov 11 15:34 /etc/rebase.db.x86_64
> </snip>
>=20
> I've attached an untested patch that would allow at least world readable
> perms. It would be appreciated if it was applied :-)
>=20
> --=20
> Regards,
> Shaddy

> diff --git a/rebase.c b/rebase.c
> index 9504a48..a078e1d 100644
> --- a/rebase.c
> +++ b/rebase.c
> @@ -288,7 +288,7 @@ mkstemp (char *name)
>  {
>    return _open (mktemp (name),
>        O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_TRUNC | _O_SHORT_LIVED,
> -      _S_IREAD|_S_IWRITE);
> +      _S_IREAD|_S_IWRITE|S_IRGRP|S_IROTH);
>  }
>  #endif

That won't work.  Check the surroundng #ifdef's.  The mkstemp
replacement function is only called when building rebase for Mingw.  If
it's called on Cygwin, it uses Cygwin's implementation of mkstemp,
which follows the (security) lead of other POSIX systems and creates
the files with 0600 permissions.  After the file got written, the
permissions are changed, see lines 358ff.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--0ntfKIWw70PvrIHh
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUab8oAAoJEPU2Bp2uRE+gpsEP/A8Exr3w1bmUBLV27XTjNCZV
8hap3zAK4PlJ5LDlQttRztUJLrjGxmsTGU7gORHUiZ7vgUUXs72qlh6kNrKx7fFI
SCUkN0iT0KhwKUxTXLaBi/zdBu3TLftvUsxuMB2VhwIOPGVokSdv2MPz7cXnJxIj
rCy3UKxsfRBB1mXLxQovjYyJ+mZ7IfPWfviLQKLFFNwSxv5YEZ2N2SxZxpAW9r15
z/NWKy9cYB+25g6xHyjdLrfrw+g2RikeMyGxeMVBcqKWnYKIw4KKRj1npeFKO5Hb
RxjXtk0RsraoNyklf0X5iIFf0oisi+2FyW/WhXIpHjfR6AHs4/6Z/tL1YZveIX1x
btzXsJ/RABSAQt1GQEHASZ54lgcAFgEH9alLR2BgwUxJjEtjl+HI1wSk3/zJVAJv
JZrPbiMdTPUwyBiWVfVILLGWOY6SMKOxpgzB0aJpiH/1Qh5il7yw9oeMOqTC4lG2
prtZL18nH1EzjQTEY5xa0jvPYorh+5RG9vDBDGslCNcABabkPTj5xkFtkoOz+NpX
eAxBwKP4GER9xXeuud6s9Gj5IQZ01essKSpPnVgV6MREHg1eMxnaR+stWh87q/7e
Hi/BiZvJFp4CKtLLxOHcY1wNwpdfShKuiCcjI5xAQElTrRi5Spvm5qlzd3KhMsal
dRO6StrrUIZyvBCuVHSy
=Oqx8
-----END PGP SIGNATURE-----

--0ntfKIWw70PvrIHh--