From 8019c113e72de8f9381fe6a2572b65ceb420918c Mon Sep 17 00:00:00 2001
From: Allie Crevier
Date: Thu, 29 Apr 2021 11:42:00 -0700
Subject: [PATCH] ensure safe perms for svs.sqlite and sync_flag
Signed-off-by: Allie Crevier
---
 securedrop_client/app.py | 1 +
 securedrop_client/db.py | 2 ++
 securedrop_client/gui/main.py | 2 --
 securedrop_client/logic.py | 6 ++++++
 tests/test_logic.py | 17 ++++++++++++-----
 5 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/securedrop_client/app.py b/securedrop_client/app.py
index db7ac6f82..7630115bf 100644
--- a/securedrop_client/app.py
+++ b/securedrop_client/app.py
@@ -190,6 +190,7 @@ def start_app(args, qt_args) -> None:
 - configure the client (logic) object.
 - ensure the application is setup in the default safe starting state.
 """
+ os.umask(0o077)
 configure_locale_and_language()
 init(args.sdc_home)
 configure_logging(args.sdc_home)
diff --git a/securedrop_client/db.py b/securedrop_client/db.py
index b4663af83..606f18a1b 100644
--- a/securedrop_client/db.py
+++ b/securedrop_client/db.py
@@ -37,6 +37,8 @@ def make_session_maker(home: str) -> scoped_session:
 db_path = os.path.join(home, "svs.sqlite")
 engine = create_engine("sqlite:///{}".format(db_path))
+ if os.path.exists(db_path) and oct(os.stat(db_path).st_mode) != "0o100700":
+ os.chmod(db_path, 0o700)
 maker = sessionmaker(bind=engine)
 return scoped_session(maker)
diff --git a/securedrop_client/gui/main.py b/securedrop_client/gui/main.py
index 3dee3bc77..42929a0ab 100644
--- a/securedrop_client/gui/main.py
+++ b/securedrop_client/gui/main.py
@@ -20,7 +20,6 @@ along with this program. If not, see .
 """
 import logging
-import os
 from gettext import gettext as _
 from typing import Dict, List, Optional # noqa: F401
@@ -56,7 +55,6 @@ def __init__(self) -> None:
 place for details / message contents / forms.
 """
 super().__init__()
- os.umask(0o077)
 load_font("Montserrat")
 load_font("Source_Sans_Pro")
 self.setStyleSheet(load_css("sdclient.css"))
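Review bot: In securedrop_client/app.py the added `os.umask(0o077)` at the top of start_app has no comment, yet its position is what makes it effective: it has to run before `init(args.sdc_home)` and `configure_logging(args.sdc_home)`, which presumably create the home directory and the log files. A one-line comment such as `# Owner-only default for everything created from here on; keep ahead of init() and configure_logging()` would stop a later reorder from silently widening permissions. The umask only affects files created afterwards, so files that already exist with looser modes still depend on the explicit chmod repairs this commit adds in db.py and logic.py. start_app's body continues outside the hunk.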
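Review bot: In securedrop_client/db.py the new guard in make_session_maker tests permissions by comparing `oct(os.stat(db_path).st_mode)` with the string `"0o100700"`, which mixes the file-type bits into the check and is easy to misread; comparing the permission bits alone is clearer: `if os.path.exists(db_path) and stat.S_IMODE(os.stat(db_path).st_mode) != 0o700:` (needs `import stat`). The same string comparison is added for sync_flag in securedrop_client/logic.py, so a small shared helper would keep the two checks identical. The repair runs only when the file already exists, so a newly created svs.sqlite presumably depends on the `os.umask(0o077)` set in start_app; a comment saying so would help any caller that builds a session without going through start_app. Neither file needs the execute bit, so `0o600` would be the least-privilege mode unless something else expects `0o700`.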
diff --git a/securedrop_client/logic.py b/securedrop_client/logic.py
index bee5f41f9..1b0f3815f 100644
--- a/securedrop_client/logic.py
+++ b/securedrop_client/logic.py
@@ -337,7 +337,13 @@ def __init__(
 self.show_last_sync_timer.timeout.connect(self.show_last_sync)
 # Path to the file containing the timestamp since the last sync with the server
+ # TODO: Remove this code once the sync timestamp is tracked instead in svs.sqlite
 self.last_sync_filepath = os.path.join(home, "sync_flag")
+ if (
+ os.path.exists(self.last_sync_filepath)
+ and oct(os.stat(self.last_sync_filepath).st_mode) != "0o100700"
+ ):
+ os.chmod(self.last_sync_filepath, 0o700)
 @property
 def is_authenticated(self) -> bool:
diff --git a/tests/test_logic.py b/tests/test_logic.py
index afa2d6f16..3a7a28bb6 100644
--- a/tests/test_logic.py
+++ b/tests/test_logic.py
@@ -82,11 +82,18 @@ def test_Controller_init(homedir, config, mocker, session_maker):
 """
 mock_gui = mocker.MagicMock()
- co = Controller("http://localhost/", mock_gui, session_maker, homedir)
- assert co.hostname == "http://localhost/"
- assert co.gui == mock_gui
- assert co.session_maker == session_maker
- assert co.api_threads == {}
+ # Ensure a sync_flag file with insecure perms is updated with the expected perms
+ insecure_sync_flag_path = os.path.join(homedir, "sync_flag")
+ with open(insecure_sync_flag_path, "w"):
+ os.chmod(insecure_sync_flag_path, 0o100644)
+ assert oct(os.stat(insecure_sync_flag_path).st_mode) == "0o100644" # sanity check
+ co = Controller("http://localhost/", mock_gui, session_maker, homedir)
+ assert co.hostname == "http://localhost/"
+ assert co.gui == mock_gui
+ assert co.session_maker == session_maker
+ assert co.api_threads == {}
+ assert co.last_sync_filepath == insecure_sync_flag_path
+ assert oct(os.stat(co.last_sync_filepath).st_mode) == "0o100700"
 def test_Controller_setup(homedir, config, mocker, session_maker, session):
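Review bot: In tests/test_logic.py only the sync_flag repair is exercised; the equivalent branch added to make_session_maker in securedrop_client/db.py has no test in this commit, so a regression in the svs.sqlite permission fix would pass unnoticed. A companion test could create `svs.sqlite` in homedir with mode 0o644, call `make_session_maker(homedir)` and assert the resulting mode. In the setup, `os.chmod(insecure_sync_flag_path, 0o100644)` passes file-type bits to chmod; `os.chmod(insecure_sync_flag_path, 0o644)` is the conventional form. The rest of the test appears to run inside the `with open(...)` block (indentation is not visible here), which keeps the handle open for no benefit; closing the file before constructing Controller would be tidier. The function's docstring starts outside the hunk.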