← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #56869

[Bug 227808] Re: file permissions destroyed by vim/gvfs/fuse

  Thread PreviousDate PreviousThread Next 
** This bug is no longer flagged as a security vulnerability

** This bug is no longer flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/227808

Title:
  file permissions destroyed by vim/gvfs/fuse

Status in GVFS:
  New
Status in “gvfs” package in Ubuntu:
  Confirmed

Bug description:
  This bug is a little difficult to explain, but I will do my best. I'm
  using Ubuntu Hardy Heron with no third party repositories. Every
  package is up to date as of this posting.

  It goes like this. When I edit files with vim or gvim through
  gvfs/fuse/sftp the file permissions on the real remote file system get
  destroyed. Here is a procedure you can follow to duplicate this bug.
  The only non-default package you need installed is vim or gvim.

  1 - Open a terminal and ssh to a remote machine.
  2 - In this terminal create a text file on the remote machine, and set the permissions to 644. 
  3 - Go to the Places->Connect to Server... menu item, and create an SSH connection to the remote machine.
  4 - Double click the new sftp folder icon that appears on the desktop to open nautilus.
  5 - In nautilus browse to the directory containing the text file you just created.
  6 - Use the command ls -l in the ssh terminal to verify the permissions of the file are still 644.
  7 - In nautilus right-click on the text file, open it with "Text Editor" (gedit)
  8 - Make a change to the file in gedit and save it.
  9 - Use the ls -l command in the terminal to verify that the permissions of the file are still 644.
  10 - Exit gedit.
  11 - In nautilus right-click on the text file and select the option to open it with "GVim Text Editor"
  12 - Make some changes to the file in GVim, and save those changes.
  13 - Use the ls -l command in the terminal, and you will see that the permissions of the file are now 600, not 644.

  Some interesting things to note about this bug.

  If you open the text editors from the command line, instead of through
  nautilus, the same problem happens.

  So opening gedit like this:
  gedit ~/.gvfs/sftp\ on\ remote/home/user/test.txt
  will not damage the permissions.

  However, opening vim like this:
  vim ~/.gvfs/sftp\ on\ remote/home/user/test.txt
  will damage the permissions.

  Also, I notice that if you do this
  ls -l ~/.gfvs/sftp\ on\ remote/home/user/
  the permissions of test.txt (and every other file) will appear to be 600 (700 for directories), regardless of the file permissions on the "real" remote file system. If you attempt to chmod any files, it will result in a chmod of the actual permissions on the remote file system, but it will not change the permissions of the file in the local ~/.gvfs directory. 

  This has led me to conclude that this bug is a combination of two
  things. First, using the chmod command on files through gvfs/fuse/sftp
  does not work in an expected fashion. Secondly, gvim and vim appear to
  be chmod-ing files when they write to those files.

  I'm not sure this bug is an actual security risk. It seems it can only
  result in file permissions becoming more strict, not more permissive.
  However, I have checked the security box just to be safe. If file
  permissions involved, there could always be an unseen security issue.
  I can see a situation where an application losing the ability to read
  a needed file causes system breakage, if not a security hole.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/227808/+subscriptions
  Thread PreviousDate PreviousThread Next