author: Joey Hess <joey@kitenet.net> 2013-08-21 11:43:32 -0400
committer: Joey Hess <joey@kitenet.net> 2013-08-21 11:43:32 -0400
commit: 954c2bed66e1dea2b832afb83594307d06bbd764
tree: c754a0ff006f7ad858118766bd299aae08244169 /doc
parent: 66c6b68bccdd0668438a9a53c13749f7d5ff7d83
bug report
Diffstat (limited to 'doc')
-rw-r--r-- doc/bugs/400_mode_leakage.mdwn 17
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/400_mode_leakage.mdwn b/doc/bugs/400_mode_leakage.mdwn
new file mode 100644
index 000000000..e0228a18a
--- /dev/null
+++ b/doc/bugs/400_mode_leakage.mdwn
@@ -0,0 +1,17 @@
+git-annex tends to preserve files that are added to an annex with
+a mode such as 400. (Happens to me sometimes with email attachments.)
+As these files are rsynced around, and end up on eg, a
+publically visible repo with a webserver frontend, or a repo that is
+acessible to a whole group of users, they will not be readable.
+
+I think it would make sense for git-annex to normalize file permissions
+when adding them. Of course, there's some tension here with generally
+storing file metadata when possible. Perhaps the normalization should only
+ensure that group and other have read access?
+
+(Security: We can assume that a repo that is not intended to be public is
+in a 700 directory. And since git-annex cannot preserve file modes when
+files transit through a special remote, using modes to limit access to
+individual files is not wise.)
+
+--[[Joey]]
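Review bot: The closing "(Security: ...)" paragraph carries the whole safety argument on an assumption ("a repo that is not intended to be public is in a 700 directory") that the proposal itself does not check. The second paragraph's "ensure that group and other have read access" would turn a 400 file into a world-readable one in any repository where that assumption does not hold. Suggest the report say whether the normalization should follow the user's umask instead of unconditionally adding read bits, and whether it applies only to files under the annex or also to the working tree, so that someone who set 400 on purpose has a documented way to keep it. The point that modes do not survive a special remote is the stronger argument and could lead the paragraph. Minor: "publically" and "acessible" in the first paragraph are misspelled.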