backup.bzr directory is world readable

Bug #262450 reported by James Troup
Affects   Status         Importance   Assigned to       Milestone
Bazaar    Fix Released   High         Parth Malwankar
2.0       Fix Released   High         Parth Malwankar
2.1       Fix Released   High         Unassigned
2.2       Fix Released   High         Unassigned

Bug Description

When you 'bzr upgrade' the backup.bzr directory is created world readable. For people who use permissions on the local .bzr as access control this is critically bad. Please don't do that and instead either clone the permissions from .bzr or default to 0700.

John A Meinel (jameinel) wrote :

I agree it should inherit the .bzr/ permissions. It isn't hard to do, I'm sure we just didn't think about it.

Changed in bzr:
importance: Undecided → High
status: New → Triaged
Martin Pool (mbp) wrote :

  tags upgrade

--
Martin

Parth Malwankar (parthm)
Changed in bzr:
assignee: nobody → Parth Malwankar (parthm)
status: Triaged → In Progress
Martin Pool (mbp) wrote :

This fails in a fairly obvious way with

======================================================================
ERROR: bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check
----------------------------------------------------------------------
_StringException: Text attachment: log
------------
199.429 run bzr: ['init', '--format=1.6']
199.430 bazaar version: 2.2.0dev1
199.430 bzr arguments: ['init', '--format=1.6']
199.432 encoding stdout as sys.stdout encoding 'UTF-8'
199.438 creating repository in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/.
199.441 creating branch <bzrlib.branch.BzrBranchFormat7 object at 0x4e26b90> in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/
199.449 trying to create missing lock '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/checkout/dirstate'
199.449 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.456 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.458 output:
'Created a standalone tree (format: 1.6)\n'
199.458 run bzr: ['upgrade']
199.458 bazaar version: 2.2.0dev1
199.458 bzr arguments: ['upgrade']
199.460 encoding stdout as sys.stdout encoding 'UTF-8'
199.472 creating repository in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/.
 WARNING Doing on-the-fly conversion from <RepositoryFormatKnitPack5> to <RepositoryFormat2a>.
This may take some time. Upgrade the repositories to the same format for better performance.

199.483 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.492 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.492 output:
'starting upgrade of file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/\nmaking backup of file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr\n to file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/backup.bzr.~1~\nstarting repository conversion\nrepository converted\nfinished\n'
199.492 errors:
'Doing on-the-fly conversion from <RepositoryFormatKnitPack5> to <RepositoryFormat2a>.\nThis may take some time. Upgrade the repositories to the same format for better performance.\n\n'
------------
Text attachment: traceback
------------
Traceback (most recent call last):
 File "/usr/lib/python2.4/site-packages/testtools/runtest.py", line 128, in _run_user
   return fn(*args...


Martin Pool (mbp)
Changed in bzr:
milestone: none → 2.2b1
status: In Progress → Fix Released
Martin Pool (mbp) wrote :

Will be in 2.0.6

Max Bowsher (maxb) wrote :

This landed in 2.1.2 via merge up from 2.0.6, closing 2.1 series task.
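
The behaviour requested in this report (clone the permissions from .bzr, with 0700 as the safe default), sketched as an added example. It is not bzrlib's code: the function names, the sample tree and the umask-default "naive" directory are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def mode_of(path):
    """Permission bits of path (symlinks are not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)

def backup_control_dir(src, dst):
    """Copy src to dst: 0700 while being filled, src's modes once complete."""
    os.mkdir(dst, 0o700)  # umask can only clear bits, so never wider than 0700
    for root, dirs, files in os.walk(src):
        out = os.path.normpath(os.path.join(dst, os.path.relpath(root, src)))
        for name in dirs:
            os.mkdir(os.path.join(out, name), 0o700)
        for name in files:
            shutil.copy2(os.path.join(root, name), os.path.join(out, name))
    # Clone directory modes bottom-up; the top level is changed last.
    for root, _, _ in os.walk(src, topdown=False):
        out = os.path.normpath(os.path.join(dst, os.path.relpath(root, src)))
        os.chmod(out, mode_of(root))
    return mode_of(dst)

def wider_than_source(src, dst):
    """Relative paths in dst that grant permission bits the src entry lacks."""
    wider = []
    for root, _, files in os.walk(dst):
        rel = os.path.relpath(root, dst)
        for name in ["."] + files:
            p = os.path.normpath(os.path.join(rel, name))
            if mode_of(os.path.join(dst, p)) & ~mode_of(os.path.join(src, p)):
                wider.append(p)
    return sorted(wider)

def demo():
    """Constructed sample tree: a private .bzr backed up under umask 022."""
    work, old_umask = tempfile.mkdtemp(), os.umask(0o022)
    try:
        src, naive, safe = (os.path.join(work, n)
                            for n in (".bzr", "backup.naive", "backup.bzr"))
        os.makedirs(os.path.join(src, "repository"))
        open(os.path.join(src, "repository", "pack"), "w").close()
        os.chmod(src, 0o700)
        os.mkdir(naive)  # default creation mode: 0755 under this umask
        return (mode_of(naive), wider_than_source(src, naive),
                backup_control_dir(src, safe), wider_than_source(src, safe))
    finally:
        os.umask(old_umask)
        shutil.rmtree(work)
```

`wider_than_source` doubles as an audit: run against an existing backup directory, it lists every entry that grants more access than its counterpart under .bzr.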
