Submitted by cerebrum on Wed, 12/14/2011 - 21:52
We noticed recently that if you schedule backups which are stored locally, these backups will end up being world readable by default.
While I can set the umask for all files created by Webmin, this has plenty of side effects (e.g. broke autoresponders for us) and is certainly not the way to go.
Setting the permissions of completion of the backup cannot be considered secure because it would still expose the backups until they are complete.
One option would be to allow setting a umask for backups, create them with owner-only permissions and then relax the permissions to whatever umask was chosen. As it stands all data which is usually secured by UNIX file permissions will be exposed to anyone with access to the server.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Wed, 12/14/2011 - 23:00 Comment #1
Thanks for pointing this out .. the permissions should really be 600. I will fix this in the next Virtualmin release.
Submitted by Issues on Wed, 12/28/2011 - 23:18 Comment #2
Automatically closed -- issue fixed for 2 weeks with no activity.
Submitted by cerebrum on Wed, 02/22/2012 - 20:52 Comment #3
What release of Webmin/Virtualmin has fixed this issue? (Assuming it has been fixed already.)
I checked the changelogs but I couldn't find any trace of this.
Submitted by JamieCameron on Wed, 02/22/2012 - 22:18 Comment #4
The 3.90 release would have included a fix for this..
Submitted by Locutus on Thu, 02/23/2012 - 08:00 Comment #5
I stumbled upon this issue as well, and quick-fixed it by making the directory in which the backups reside 600. Users which don't have access to a directory also cannot access anything inside it, even if the permissions of the stuff inside would allow it.