bugzilla-daemon at mindrot.org
2021-Apr-01 14:51 UTC
[Bug 1844] Explicit file permissions enhancement to sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1844

Mark <mark at fts.scot> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at fts.scot

--- Comment #11 from Mark <mark at fts.scot> ---
Checking in to add a vote for this :)

I am inclined to disagree with comment #10 referring to the unfinished IETF spec because the IETF of course favours rough consensus and running code... and OpenBSD implemented it as-is many years ago and Fedora / RHEL have shipped this patch for 6 years now. :-) [1]

As a result there is lots of documentation out there referring to "-m" workaround.

To now suggest updating the specification to introduce this new idea of senders and receivers "applying rules" and also muddying what the existing umask flag does... is not the solution to the use case mentioned in this ticket. In fact it's not the solution to any real world problem as far as I can tell.

The use case is just for an sftp server to ignore incoming permissions. Not to reinterpret the sent umask, not to apply rules. Just to set its own unilaterally.

The patch does it, it has been running in production on RHEL for a long time and it is documented widely online. At this point, merging it at this point seems to me like a bit of a trivial decision.

[1] https://src.fedoraproject.org/rpms/openssh/blob/f22/f/openssh-6.7p1-sftp-force-permission.patch