Opened 8 years ago
#15137 new defect
Clearing read-only file attribute from Windows guest result in world writable permission.
| Reported by: | JackieKu | Owned by: | |
|---|---|---|---|
| Component: | shared folders | Version: | VirtualBox 5.0.14 |
| Keywords: | umask, security | Cc: | |
| Guest type: | Windows | Host type: | Linux |
Description
The shared folders of VirtualBox blindly maps read-only attribute of Windows guest to POSIX write permission. This behavior cause dangerous and undesired file permissions are set in the host system.
Steps to Reproduce
$ umask 0022 $ ls -l a.txt -rw-r--r-- 1 user1 user1 0 Feb 10 00:00 a.txt
- Set read-only attribute of the file "a.txt", from a Windows guest with the shared folder mounted.
$ ls -l a.txt -r--r--r-- 1 user1 user1 0 Feb 10 00:00 a.txt
- Unset read-only attribute of the same file, from the same Windows guest.
$ ls -l a.txt -rw-rw-rw- 1 user1 user1 0 Feb 10 00:00 a.txt
VirtualBox respects umask when only creating new files, but it should do the same when mapping read-only attribute (or something similar). Leaving files world writable is simply unacceptable.
Attachments (1)
Change History (1)
by , 8 years ago
| Attachment: | Respect-umask-2-when-clearing-read-only-bit.patch added |
|---|
Note:
See TracTickets
for help on using tickets.
Proposed fix