Opened 8 years ago

#15137 new defect

Clearing read-only file attribute from Windows guest result in world writable permission.

Reported by: JackieKu Owned by:
Component: shared folders Version: VirtualBox 5.0.14
Keywords: umask, security Cc:
Guest type: Windows Host type: Linux


The shared folders of VirtualBox blindly maps read-only attribute of Windows guest to POSIX write permission. This behavior cause dangerous and undesired file permissions are set in the host system.

Steps to Reproduce

$ umask
$ ls -l a.txt
-rw-r--r-- 1 user1 user1 0 Feb 10 00:00 a.txt
  1. Set read-only attribute of the file "a.txt", from a Windows guest with the shared folder mounted.
    $ ls -l a.txt
    -r--r--r-- 1 user1 user1 0 Feb 10 00:00 a.txt
  2. Unset read-only attribute of the same file, from the same Windows guest.
    $ ls -l a.txt
    -rw-rw-rw- 1 user1 user1 0 Feb 10 00:00 a.txt

VirtualBox respects umask when only creating new files, but it should do the same when mapping read-only attribute (or something similar). Leaving files world writable is simply unacceptable.

Attachments (1)

Respect-umask-2-when-clearing-read-only-bit.patch (1.5 KB ) - added by JackieKu 8 years ago.
Proposed fix

Download all attachments as: .zip

Change History (1)

by JackieKu, 8 years ago

Proposed fix

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use