sagemath/sage

Don't “fix” the permissions of preexisting DOT_SAGE

Closed this issue · 10 comments

See the commit message for details.

Component: scripts

Author: Marc Mezzarobba

Branch/Commit: 387fdfc

Reviewer: Matthias Koeppe

Issue created by migration from https://trac.sagemath.org/ticket/29093

Description changed:

--- 
+++ 
@@ -1 +1 @@
-
+See the commit message for details.

Commit: 387fdfc

Author: Marc Mezzarobba

New commits:

387fdfc Don't “fix” the permissions of preexisting DOT_SAGE

comment:2

Works for me.

Reviewer: Matthias Koeppe

comment:3

By the way, I checked that IPython creates some of its subfolders under $DOT_SAGE, and the notebook_cookie_secret file in $HOME/Library/Jupyter/runtime (on macOS) with more restrictive permissions (700/600).

On the other hand, the history file is 644.

So when the user sets the permissions of $DOT_SAGE to 755, the history will be exposed, but more sensitive data are still safe.

I haven't checked what the legacy notebook does.

(base) egret:~/.sage (t/29093/29093-dot_sage_permissions $%)$ ls -la ipython-5.0.0/profile_default
total 56
drwxr-xr-x  8 mkoeppe  staff    256 Jan 28 18:32 .
drwxr-xr-x  5 mkoeppe  staff    160 Jan 28 18:30 ..
drwxr-xr-x  2 mkoeppe  staff     64 Jan 28 18:30 db
-rw-r--r--  1 mkoeppe  staff  28672 Jan 28 18:32 history.sqlite
drwxr-xr-x  2 mkoeppe  staff     64 Jan 28 18:30 log
drwx------  2 mkoeppe  staff     64 Jan 28 18:30 pid
drwx------  2 mkoeppe  staff     64 Jan 28 18:30 security
drwxr-xr-x  3 mkoeppe  staff     96 Jan 28 18:30 startup
(base) egret:/Users/mkoeppe/s/sage/sage-rebasing/worktree-clean (t/29093/29093-dot_sage_permissions $%)$ ./sage -sh -c 'jupyter --paths'
config:
    /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/fakehome/.sage//jupyter-4.1
    /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/local/etc/jupyter
    /usr/local/etc/jupyter
    /etc/jupyter
data:
    /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/fakehome/Library/Jupyter
    /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/local/share/jupyter
    /usr/local/share/jupyter
    /usr/share/jupyter
runtime:
    /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/fakehome/Library/Jupyter/runtime
(base) egret:/Users/mkoeppe/s/sage/sage-rebasing/worktree-clean (t/29093/29093-dot_sage_permissions $%)$ ls -l /Users/mkoeppe/s/sage/sage-rebasing/worktree-clean/fakehome/Library/Jupyter/runtime
total 32
-rw-r--r-T  1 mkoeppe  staff  263 Jan 28 18:39 kernel-d03f6006-b3d6-4001-ab36-f4554ba1862e.json
-rw-r--r--@ 1 mkoeppe  staff  484 Jan 28 18:38 nbserver-83225-open.html
-rw-r--r--  1 mkoeppe  staff  290 Jan 28 18:38 nbserver-83225.json
-rw-------  1 mkoeppe  staff   45 Jan 28 18:31 notebook_cookie_secret
(base) egret:/Users/mkoeppe/s/sage/sage-rebasing/worktree-clean (t/29093/29093-dot_sage_permissions $%)$ 
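
The effect described in comment:3, as an added example that is not part of the ticket or of Sage's code: a file is readable by other users only when every directory on the way to it grants them search (x) permission and the file itself grants read. The tree is constructed to mirror the listing above; the function names and the `token` file are hypothetical, and ACLs and directories above the root are not examined.

```python
import os
import stat
import tempfile

def world_readable_files(root):
    """Files under root that users outside owner and group can read."""
    exposed = []

    def walk(directory):
        # Without the search (x) bit for "other", nothing below is reachable,
        # whatever the modes of the files inside.
        if not os.lstat(directory).st_mode & stat.S_IXOTH:
            return
        with os.scandir(directory) as entries:
            for entry in sorted(entries, key=lambda e: e.name):
                if entry.is_dir(follow_symlinks=False):
                    walk(entry.path)
                elif entry.is_file(follow_symlinks=False):
                    if entry.stat(follow_symlinks=False).st_mode & stat.S_IROTH:
                        exposed.append(os.path.relpath(entry.path, root))

    walk(root)
    return exposed

def build_sample(dot_sage_mode):
    """Constructed tree mirroring the listing: 644 history, 700 security."""
    dot_sage = os.path.join(tempfile.mkdtemp(), "dot_sage")
    ipython = os.path.join(dot_sage, "ipython-5.0.0")
    profile = os.path.join(ipython, "profile_default")
    security = os.path.join(profile, "security")
    os.makedirs(security)
    # "token" is a hypothetical file; its 644 mode shows that the 700
    # directory, not the file mode, is what protects it.
    for path in (os.path.join(profile, "history.sqlite"),
                 os.path.join(security, "token")):
        with open(path, "w"):
            pass
        os.chmod(path, 0o644)
    for directory, mode in ((security, 0o700), (profile, 0o755),
                            (ipython, 0o755), (dot_sage, dot_sage_mode)):
        os.chmod(directory, mode)
    return dot_sage

if __name__ == "__main__":
    for mode in (0o700, 0o755):
        print(oct(mode), world_readable_files(build_sample(mode)))
```
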

comment:4

Thank you for the review!