summaryrefslogtreecommitdiff
path: root/doc/bugs/400_mode_leakage.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'doc/bugs/400_mode_leakage.mdwn')
-rw-r--r--doc/bugs/400_mode_leakage.mdwn17
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/400_mode_leakage.mdwn b/doc/bugs/400_mode_leakage.mdwn
new file mode 100644
index 000000000..e0228a18a
--- /dev/null
+++ b/doc/bugs/400_mode_leakage.mdwn
@@ -0,0 +1,17 @@
+git-annex tends to preserve files that are added to an annex with
+a mode such as 400. (Happens to me sometimes with email attachments.)
+As these files are rsynced around, and end up on eg, a
+publically visible repo with a webserver frontend, or a repo that is
+acessible to a whole group of users, they will not be readable.
+
+I think it would make sense for git-annex to normalize file permissions
+when adding them. Of course, there's some tension here with generally
+storing file metadata when possible. Perhaps the normalization should only
+ensure that group and other have read access?
+
+(Security: We can assume that a repo that is not intended to be public is
+in a 700 directory. And since git-annex cannot preserve file modes when
+files transit through a special remote, using modes to limit access to
+individual files is not wise.)
+
+--[[Joey]]