pi-hole/pi-hole

FTL database shouldn't be readable by unprivileged users

orazioedoardo opened this issue · 8 comments

Expected behavior

FTL database is private.

Actual behavior / bug

Any user on the system can read the database and gather information about Pi-hole usage patterns, domains visited, etc.

Steps to reproduce

Observe that the database at /etc/pihole/pihole-FTL.db has -rw-rw-r-- permissions.

chmod -f 0664 /etc/pihole/pihole-FTL.db

Additional context

DNS logs are already configured with -rw-r----- but the database contains a lot more data and for a longer timespan.

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

Still relevant

Thanks for your suggestion and sorry for the huge delay. I will make sure to submit this as a change into the currently running public Pi-hole v6.0 beta round.

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

Apparently the never-stale label does not work here. Changed to a known working one for now.

Note about the never-stale label:

Apparently the never-stale label does not work here

never-stale is missing for issues:

exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'

There is a different workflow for PRs. That workflow has a different set of labels and includes never-stale:

exempt-pr-labels: 'internal, never-stale, ON HOLD, WIP'

Iksas commented

Somewhat related: /etc/pihole/setupVars.conf contains the password hash of the web interface, and is world-readable. This can make it easier to brute force the password.

Could it be a solution to make the files in /etc/pihole/ readable by members of the pihole group only? The LIGHTTPD_USER is already a member of the pihole group anyway, so the web interface should be compatible with this change:

https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1923
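The permission problem described in this issue (a 0664 database beside 0640 logs) and the group-only remedy Iksas proposes, as an added shell example that is not part of Pi-hole's code: it reports which files in a directory are readable by users outside the owning group and then applies the proposed restriction. The file names and modes are taken from the thread; the temporary directory, the helper names and the `find -perm -o=r` check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Pi-hole code. Audits a directory for files that grant
# read access to "others" and restricts them to owner and group.

# Return 0 when an octal mode string such as 664 grants read to "others".
# Pure shell, so it can be checked without touching the filesystem.
mode_others_readable() {
    others=$(printf '%s' "$1" | tail -c 1)
    case "$others" in
        4|5|6|7) return 0 ;;   # the read bit (4) is set
        *)       return 1 ;;
    esac
}

# Return 0 when the file's mode grants read to "others".
# find -perm -o=r is used instead of stat because its syntax is the same
# on GNU and BSD userlands (assumption: find supports symbolic -perm).
file_others_readable() {
    [ -n "$(find "$1" -perm -o=r -print 2>/dev/null)" ]
}

# Build a constructed sample directory that mirrors the files and modes
# mentioned in the thread (constructed data, not a real installation).
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/pihole-FTL.db";  chmod 0664 "$dir/pihole-FTL.db"  # mode reported in the issue
    : > "$dir/pihole.log";     chmod 0640 "$dir/pihole.log"     # DNS log mode from the issue
    : > "$dir/setupVars.conf"; chmod 0644 "$dir/setupVars.conf" # world-readable, as Iksas notes
    printf '%s' "$dir"
}

# Print the number of regular files in a directory readable by "others";
# each offending file is listed on stderr so the report is visible.
count_world_readable() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if file_others_readable "$f"; then
            printf 'world-readable: %s\n' "$f" >&2
            n=$((n + 1))
        fi
    done
    printf '%s' "$n"
}

# The remedy proposed in the thread: drop all "others" bits so only the
# owner and members of the owning group (e.g. pihole) can read the files.
restrict_to_group() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        chmod o-rwx "$f"
    done
}

# Stand-alone demonstration on the constructed sample.
sample=$(make_sample)
echo "before: $(count_world_readable "$sample") file(s) readable by others"
restrict_to_group "$sample"
echo "after:  $(count_world_readable "$sample") file(s) readable by others"
rm -rf "$sample"
```

Running it reports two offending files (the database and setupVars.conf) before the change and none after; the log at 0640 was already group-only.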

DL6ER commented

@orazioedoardo Sorry for the (very!) large delay, I just found this ticket in my todo list and created pi-hole/FTL#1955
@Iksas this has already been implemented in Pi-hole v6.0