diff options
Diffstat (limited to 'doc/bugs/400_mode_leakage.mdwn')
-rw-r--r-- | doc/bugs/400_mode_leakage.mdwn | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/400_mode_leakage.mdwn b/doc/bugs/400_mode_leakage.mdwn new file mode 100644 index 000000000..e0228a18a --- /dev/null +++ b/doc/bugs/400_mode_leakage.mdwn @@ -0,0 +1,17 @@ +git-annex tends to preserve files that are added to an annex with +a mode such as 400. (Happens to me sometimes with email attachments.) +As these files are rsynced around, and end up on eg, a +publically visible repo with a webserver frontend, or a repo that is +acessible to a whole group of users, they will not be readable. + +I think it would make sense for git-annex to normalize file permissions +when adding them. Of course, there's some tension here with generally +storing file metadata when possible. Perhaps the normalization should only +ensure that group and other have read access? + +(Security: We can assume that a repo that is not intended to be public is +in a 700 directory. And since git-annex cannot preserve file modes when +files transit through a special remote, using modes to limit access to +individual files is not wise.) + +--[[Joey]] |