  • #315
Closed
Open
Created Feb 01, 2022 by Nick Mathewson@nickm⛰Owner

Should we be checking directory and file permissions?

In tor, we make sure that the permissions and ownership of our data directory, and of its parents (recursively) don't allow other non-root users to read and write to our files. This prevents accidentally starting tor with (say) your private keys in a directory that an attacker can chmod.

Should we do something similar in arti? (If so we should provide a way to loosen the restrictions for users who need group-readable installations and the like.)

Places to look for stuff to put in a checklist:

  • safe_path() in openssh-portable
  • check_permissions() in gnupg
  • check_private_dir() in the C tor implementation.
Edited Apr 12, 2022 by Nick Mathewson
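
A sketch of the kind of check the issue describes, added here as an example; it is not part of the issue and is not code from arti, tor, openssh-portable or gnupg. The names `check_entry`, `check_private_path` and `Problem` are this example's own, the trusted uid is passed in by the caller, and tolerating a sticky-bit ancestor such as /tmp is a policy assumption of the sketch.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

/// Why a path component was rejected (names are this example's own).
#[derive(Debug, PartialEq)]
pub enum Problem {
    BadOwner { uid: u32 },
    BadMode { mode: u32 },
}

/// Policy for one component. `is_target` is true for the data directory
/// itself, which must also be unreadable by group/other; ancestors only
/// need to be unwritable by them. Assumption of this sketch: a writable
/// ancestor with the sticky bit (e.g. /tmp) is tolerated.
pub fn check_entry(mode: u32, owner: u32, trusted_uid: u32, is_target: bool) -> Result<(), Problem> {
    if owner != trusted_uid && owner != 0 {
        return Err(Problem::BadOwner { uid: owner });
    }
    let perms = mode & 0o7777; // drop the file-type bits
    let forbidden = if is_target { 0o077 } else { 0o022 };
    let sticky = perms & 0o1000 != 0;
    if perms & forbidden != 0 && !(sticky && !is_target) {
        return Err(Problem::BadMode { mode: perms });
    }
    Ok(())
}

/// Check `dir` and every ancestor up to the root; returns offending paths.
pub fn check_private_path(dir: &Path, trusted_uid: u32) -> io::Result<Vec<(PathBuf, Problem)>> {
    let real = fs::canonicalize(dir)?; // resolve symlinks before walking
    let mut bad = Vec::new();
    for (i, p) in real.ancestors().enumerate() {
        let md = fs::metadata(p)?;
        if let Err(e) = check_entry(md.mode(), md.uid(), trusted_uid, i == 0) {
            bad.push((p.to_path_buf(), e));
        }
    }
    Ok(bad)
}

fn main() -> io::Result<()> {
    // Constructed demo: a fresh directory, owned by whoever runs this.
    let dir = std::env::temp_dir().join(format!("perm-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let uid = fs::metadata(&dir)?.uid();
    for (path, why) in check_private_path(&dir, uid)? {
        println!("{}: {:?}", path.display(), why);
    }
    fs::remove_dir(&dir)
}
```

The walk is a point-in-time check: a component can change between the check and a later open, so it catches misconfiguration at startup rather than a concurrent attacker.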