Bug 53390 - webapp-config respects the umask when creating new virtual hosts
Bug#: 53390 Product:  Gentoo Linux Version: unspecified Platform: x86
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: stuart@gentoo.org Reported By: wrobel@gentoo.org
Component: Ebuilds
URL: 
Summary: webapp-config respects the umask when creating new virtual hosts
Keywords:  
Status Whiteboard: 
Opened: 2004-06-09 04:35 0000
Description:   Opened: 2004-06-09 04:35 0000 
If webapp-config has to create the directory for a new virtual host the umask
is being respected. This can lead to an inaccessible web directory.

My test ebuild:
--------------------------------------------------------------
# Copyright 2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header$

inherit webapp

DESCRIPTION="The Bookmark Server for Personal and Team Use"
HOMEPAGE="http://www.sitebar.org/"
SRC_URI="mirror://sourceforge/${PN}/SiteBar-${PV}.tar.bz2"

LICENSE="GPL-2"
KEYWORDS="~x86"
IUSE=""

DEPEND=""
RDEPEND=">=net-www/apache-1.3
         >=dev-db/mysql-3.21
         >=dev-php/mod_php-4.1.0"

S=${WORKDIR}/SiteBar-${PV}

src_install() {
        webapp_src_preinst

        # This has to be done until Bug#53215 is fixed  
        mv "skins/Mozilla Modern" skins/MozillaModern

        webapp_sqlscript mysql sql/install.sql

        dodoc doc/*

        # Copy the app's main files

        # add the post-installation instructions

        #webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt

        einfo "Installing main files"
        cp -r . ${D}${MY_HTDOCSDIR}

        # the inc directory will later hold the config
        # file so we need to be able to write to it

        webapp_serverowned ${MY_HTDOCSDIR}/inc


        # install it

        webapp_src_install
}
--------------------------------------------------------------


Reproducible: Always
Steps to Reproduce:
1. Set the umask to 0077 in the bash-startup scripts (e.g. /etc/profile)
2. emerge sitebar
3. webapp-config -I -h sitebar-test -d / sitebar 3.2.5b
4. ls -la /var/www

Actual Results:  
drwxr-xr-x   7 root root 4096 Jun  8 16:35 localhost
drwx------   6 root root 4096 Jun  9 13:25 sitebar-test


Expected Results:  
drwxr-xr-x   7 root root 4096 Jun  8 16:35 localhost
drwxr-xr-x   6 root root 4096 Jun  9 13:25 sitebar-test

------- Comment #1 From Stuart Herbert (RETIRED) 2004-06-09 15:42:27 0000 ------- 
Hiya!

Thanks for the bug report.  I'll make sure that this is fixed in v1.10.

Best regards,
Stu

------- Comment #2 From Stuart Herbert (RETIRED) 2004-06-11 15:08:52 0000 ------- 
Hi,

This should be fixed in webapp-config v1.10, which should be available on your local rsync mirror in about an hour.  Please test, and let me know how you get on.

Best regards,
Stu

------- Comment #3 From Gunnar Wrobel 2004-06-14 23:31:10 0000 ------- 
The new code creates the directory with mode 777. I think 755 would be the
correct choice since the root directory should not be writeable to all users.

Best Regards

Gunnat

------- Comment #4 From Stuart Herbert (RETIRED) 2004-06-26 17:50:59 0000 ------- 
I'll have to fix this in 1.10-r3

------- Comment #5 From Stuart Herbert (RETIRED) 2004-07-07 09:02:12 0000 ------- 
Okay, having thought about this, I've decided that webapp-config should be
running with a umask of zero.  It should be up to the ebuilds to ensure the
correct permissions are set for the files that are being installed.

I have changed webapp-config-1.10-r4, so that directories are always '775', and
server-owned files are '660' for now.  I've also tried to make sure that files
are never ever world-writable.  I'm not entirely sure those are the right
changes to make, but they're now out in the wild.

Best regards,
Stu

------- Comment #6 From Gunnar Wrobel 2004-07-14 00:05:59 0000 ------- 
Hi Stuart,

sorry for reopening ;) but webapp-config still leaves the /var/db/webapps/**/install and /var/www/**/htdocs/**/.webapp* files world writeable. 

I am not certain if webapp-config uses the .webapp* files for determining which files are to be removed during un-installation but this might be a severe security risk.

Regards

Gunnar

------- Comment #7 From Christoph Probst 2004-08-27 01:23:00 0000 ------- 
The new chmod in version -r10 probably fixes the main problem. But there are
still some possible race condition in fn_mkdir() and fn_writedotconfig().

Someone might be able to modify the content of a directory between its creation
via 'mkdir -p "$3/$2"' and the 'chmod "$G_DIRPERMS" "$3/$2"' as permission are
0777 for a while.

I'd recomment to at least use the -m option of mkdir to create the right
permissions directly. I haven't looked through it, but is it really necessary
to have umask 0 the whole time? Isn't it a better way to avoid using wrong
permissions at all than fixing them all the time?

(Btw: There is no "etc-upgrade" as written on the man page in section
"Protected Configuration Files")

Chris

------- Comment #8 From Christoph Probst 2004-08-28 02:59:59 0000 ------- 
I discovered another permission problem in -r6 and it seems as it hasn't been
fixed in -r10.

In fn_mkdir() the command 'libsh_erun mkdir -p "$3/$2"' is used to create
necessary directories. The option -p also creates missing subdirectories which
are not chmod-ed to the right permissions afterwards. Using webapp-config with
an option like '-d /nonexisting/phpmyadmin' should reproduce the problem.

This might also be fixed using the -m option of mkdir.

Chris

------- Comment #9 From Stuart Herbert (RETIRED) 2005-05-30 02:43:25 0000 ------- 
Hi,

Thanks for the man page fix.  That'll be fixed in webapp-config v1.11.

I'm in the process of testing mkdir -m, to see if it gives the results we need 
in all circumstances.  This bug is the root cause of security bug 91785; it'll 
be fixed in webapp-config v1.11.

Best regards,
Stu

------- Comment #10 From Renat Lumpau 2005-06-29 09:07:50 0000 ------- 
reassigning

------- Comment #11 From Stuart Herbert (RETIRED) 2005-11-20 09:18:52 0000 ------- 
Fixed in webapp-config v1.50.