New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tidy up configuration files UNIX permissions #7983
base: master
Are you sure you want to change the base?
Conversation
Thanks, testing video please, so that we can confirm it can work as expected. |
Hey @rustdesk, I'm really sorry but I can't manage to find "video" tests. Do you have a pointer or documentation that I could read to add such a test case ? |
Like this, #7988 Showing your PR taking effect, and not break any function. |
So I eventually got what you mean by "testing video"... During building/testing, I've also encountered an issue related to Docker image and PAM, so I took the liberty to add the missing library to package dependencies list. Bye 👋 |
Unit test is not enough for such case. Integration test is required. |
There isn't any integration tests from what I see... I could make a screenshot of RD running and my terminal showing configuration files with
Thanks for your time, bye 🙏 |
Let's give you an example. If a ipc file created with 600 permission, does it mean only the creator can access it? then the other process running as the other user can not connect to the IPC? You need to undertand test, testing is for fixing your "I think". |
Fully-agreeing here with your IPC example; Is
👍 that's why projects usually rely on testing workflows that maintainers trust, and not "videos" recorded on untrusted machines (?), with completely unknown codes/setups/configurations which result in non-reproducible scenarios. Thanks, see you 👋 |
Such a flow may be easy to set up for some project, but it is too hard for RustDesk, I hope you can understand. |
``` wrapper.h:1:10: fatal error: 'security/pam_appl.h' file not found ``` Signed-off-by: Samuel FORESTIER <samuel+dev@forestier.app>
Signed-off-by: Samuel FORESTIER <samuel+dev@forestier.app>
(rebased according to confy submodule "move" @rustdesk) |
Little up @rustdesk, thanks 🙏 |
Hello 👋
This patch enforces
0600
UNIX permission on configuration files, for non-Windows hosts.As they usually contain remote machine credentials, their access should be restricted to their owner.
Thanks, bye 🙏