Bug 315603 - dispatch-conf doesn't preserve permissions in the archive
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Reported: 2010-04-16 13:05 UTC by Kevin Bryan
Modified: 2016-02-17 12:47 UTC
Description Kevin Bryan 2010-04-16 13:05:19 UTC
Some config files contain sensitive information and have permissions like =u+rw, but when using dispatch-conf (at least with the use-rcs option), the files created in the archive directory seem to be created with the default umask.  Either the original file permissions should be applied, or the archive directory should have at least o-rwx permissions set to disallow all users from being able to browse the config files.

Reproducible: Always
Comment 1 Zac Medico gentoo-dev 2011-01-10 13:19:27 UTC
I've looked at the code, and done some basic testing, and it seems to copy the permission bits correctly. This code hasn't changed in years, so it shouldn't matter what version of portage I test with.
Comment 2 Kevin Bryan 2011-01-11 02:35:57 UTC
I think what is happening is that the first time it creates a file in the archive directory it uses the permissions of the source file, but in subsequent runs it doesn't update the permissions if they have changed.  It even says this in the manpage.  Of course, the manpage also suggests setting the permissions of the archive directory appropriately, which I have done (root:root 0750).  Perhaps the manpage for dispatch-conf should mention that.  Or, better, why can't dispatch-conf create the archive-dir with the correct permissions?
Comment 3 Kevin Bryan 2011-01-11 02:38:01 UTC
Sorry, the first two mentions of manpage in the previous comment were to the ci(1) manpage.
Comment 4 Zac Medico gentoo-dev 2011-01-19 19:07:13 UTC
I've restricted the default archive-dir permissions to 700, and added warnings in dispatch-conf.conf and dispatch-conf.1:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=ecbdd241f7e8e28f1057781c4ac2013e8d476288
Comment 5 Zac Medico gentoo-dev 2011-01-19 21:01:05 UTC
(In reply to comment #4)
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=ecbdd241f7e8e28f1057781c4ac2013e8d476288

This is included in portage-2.1.9.34 and 2.2.0_alpha18.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-02-17 12:47:59 UTC
Fixed by Portage team or appropriate warnings added.
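
The check below is an added example, not part of the bug report or of Portage's code. It audits an existing archive directory for the two conditions discussed in this thread: a directory looser than the 700 default from comment 4, and archived copies whose permissions are looser than the live config file (the drift described in comment 2). The first argument is the archive-dir value from dispatch-conf.conf; the mirrored path layout with an optional RCS `,v` suffix and the `LIVE_ROOT` prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a dispatch-conf archive directory.
# Usage: audit ARCHIVE_DIR [LIVE_ROOT]   (LIVE_ROOT is a hypothetical test hook)

# Octal permission bits of a path (GNU coreutils / busybox stat).
mode_of() { stat -c '%a' "$1"; }

# Succeeds only if the directory grants nothing to group or other,
# i.e. it is 700 or tighter, matching the default from comment 4.
archive_dir_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Print archived files that grant permission bits the live file lacks.
# Assumption: the archive mirrors the live path, with an optional RCS ",v" suffix.
archive_looser_than_live() {
    root=${1%/}
    find "$root" -type f | while IFS= read -r f; do
        live=${f#"$root"}
        live=${2:-}${live%,v}
        [ -f "$live" ] || continue
        am=$(mode_of "$f")
        lm=$(mode_of "$live")
        # Bits set on the archived copy but not on the live config file.
        extra=$(( 0$am & ~0$lm & 0777 ))
        if [ "$extra" -ne 0 ]; then
            printf '%s %s (live file: %s %s)\n' "$am" "$f" "$lm" "$live"
        fi
    done
}

# Report both findings for one archive directory.
audit() {
    if ! archive_dir_private "$1"; then
        echo "WARN: $1 is reachable by group/other (mode $(mode_of "$1"))"
    fi
    archive_looser_than_live "$1" "${2:-}"
}

if [ $# -gt 0 ]; then audit "$@"; fi
```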