Topic "[Security issue] Owner and Group are not preserved"

Author Message
pvalnov
[View user's profile]

Joined: 2013-05-10
Posts: 1
Expected behaviour: If a remote file exists, and I upload or sync to the server a local file with same filename then the Owner and Group of the remote file should be preserved.

Actual behaviour: The expected behaviour is seen only for files that are under the size limit set in Transfer > Endurance > 'Enable transfer resume/transfer to temporary filename for'. Any files that exceed that size limit lose the original Owner and Group (they are not preserved). Interestingly, the original file permissions ARE preserved.

Workaround until this is fixed
:
Set Transfer > Endurance > 'Enable transfer resume/transfer to temporary filename for' to 'Disable'.

Tested with:
- WinSCP 5.2.1 (Build 3231) and with older versions too (even 4.x.x) in SFTP-3 mode.
- Remote server is Debian 6
- Local server is Windows 7 SP1
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Thanks for your report. This is documented here:
http://winscp.net/eng/docs/resume#automatic

There's an explicit code to "copy" the permissions from original files to the new one. While it can possibly also "copy" the group, it cannot copy owner as you would have to be logged in as a root to do that.

Added to tracker:
http://winscp.net/tracker/show_bug.cgi?id=1003
_________________
Martin Prikryl
Guest




Hi, Even though it is documented somewhere, the behavious is completely unexpected and dangerous as it creates severe security issues that are hard to notice. So thank you for creating a bug for it.

Regards,
Guest




Also, the fact that file permissions ARE preserved, while group/owner aren't, qualifies this as a clear bug (not a documented behaviour).
Guest




The bug subject in the bugtracker item states that only Group is not preserved, but it is also the Owner that is not preserved. Both are equally important.
Dominic

Guest


I had the same issue. My code would not work any more after some uploads. I noticed that the ownership of some files changed after every upload. I applied the work around and it does not do that anymore. Thanks. I don't give myself root permission, exactly because I do not want to mess with ownership. It is strange that WinSCP can even do that. It requires root permission and I don't provide the required ROOT credential.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Dominic wrote:
It is strange that WinSCP can even do that. It requires root permission and I don't provide the required ROOT credential.

You do not need root permissions to delete a file and create new one with the same name, but an ownership of logged-in user.
Guest




prikryl wrote:
Dominic wrote:
It is strange that WinSCP can even do that. It requires root permission and I don't provide the required ROOT credential.

You do not need root permissions to delete a file and create new one with the same name, but an ownership of logged-in user.

OK, I did not think very far when I wrote this extra point. Still for most files, the observed result is that the original (group) ownership is preserved. Only in special cases, the (group) ownership is changed. The documentation that you mentioned says nothing about (group) ownership. If we know about this other documented behavior, we can see the connection, but that does NOT make this special (group) ownership behavior a documented behavior. It is NOT a documented behavior, but if it was, I would consider this even worst. Who in is right mind would want such a behavior ?
Guest




prikryl wrote:
Dominic wrote:
It is strange that WinSCP can even do that. It requires root permission and I don't provide the required ROOT credential.

You do not need root permissions to delete a file and create new one with the same name, but an ownership of logged-in user.

OK, I understand that, if it deletes a file and creates a new one with the same name, WinSCP has no other choice than to use the logged-in user ownership. This is NOT documented, but it is an understandable behavior. However, in my case I was the owner and in the group of the original file in the server. Is there a reason why the group ownership is not preserved? At the end, I just want a simple uniform behavior, independent of other configurations and special file properties such as its size.
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
It's a Unix/Linux limitation...

Quoting https://en.wikipedia.org/wiki/Chown :

Unprivileged (regular) users who wish to change the group of a file that they own may use chgrp.

For obvious security reasons, the ownership of a file may only be altered by a super-user. Similarly, only a member of a group can change a file's group ID to that group.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Quote:
OK, I did not think very far when I wrote this extra point. Still for most files, the observed result is that the original (group) ownership is preserved. Only in special cases, the (group) ownership is changed. The documentation that you mentioned says nothing about (group) ownership. If we know about this other documented behavior, we can see the connection, but that does NOT make this special (group) ownership behavior a documented behavior. It is NOT a documented behavior, but if it was, I would consider this even worst. Who in is right mind would want such a behavior ?

It's not a desired behavior, but rather a side-effect of desired behavior.
I believe that both the side-effect and reason WinSCP does that (transfer via temporary directory) is well documented on page below (already linked earlier in this topic):
http://winscp.net/eng/docs/resume#automatic
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
This issue has been added to the tracker:
http://winscp.net/tracker/show_bug.cgi?id=1260
_________________
Martin Prikryl
gabri.ns
[View user's profile]

Joined: 2013-07-17
Posts: 2
i don't fully understand how sftp work. been trying to find an easy explanation for a while but not found any.

since backgroud transfer is always opening new ssh connection, can you do it like this?
1. open connection
2. start sftp-server binary
3. upload all queued file to temporary and keep a mapping of temp -> orig
4. exit sft-server
5. use dd or cat to overwrite file, eg: cat temp > orig
6. sleep. if there is new queue, go back to step 2
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
gabri.ns wrote:
i don't fully understand how sftp work. been trying to find an easy explanation for a while but not found any.

since backgroud transfer is always opening new ssh connection, can you do it like this?
1. open connection
2. start sftp-server binary
3. upload all queued file to temporary and keep a mapping of temp -> orig
4. exit sft-server
5. use dd or cat to overwrite file, eg: cat temp > orig
6. sleep. if there is new queue, go back to step 2

Thanks for your suggestion. Though that's not SFTP solution anymore. It's not portable.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License