Bug #557
IOCipher writes all perms as uid+gid 0 in the sqlfs container
| Status: | New | Start date: | 01/24/2013 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
The followup to #266
Inside the virtual filesystem IOCipher writes all files with perms for root. What are the usability and security considerations of this?
Thoughts: Any permissions we impose in the VFS are entirely virtual (...), that is, any process that is able to get a handle on the database (and decrypt it if needed) will be able to write/read anything it desires. This is OK on Android, as IOCipher stores the sql database in its internal app storage. Does that make sense?
So, the question is, do we have a use case for granular permissions inside the VFS container? Is this something we should punt until a use case presents itself?
History
#1 Updated by hans over 4 years ago
- Target version deleted (
47)
#2 Updated by hans almost 4 years ago
- Target version set to 61
#3 Updated by hans almost 4 years ago
- Target version deleted (
61)
#4 Updated by hans over 3 years ago
- Subject changed from IOCiper writes all perms as uid+gid 0 in the sqlfs container to IOCipher writes all perms as uid+gid 0 in the sqlfs container
So far, there hasn't been a use case for handle multiple users, so leave this as is.