Persistent Storage: Config file check does not work as expected
The tps backend does a check for secure ownership and permissions of the config file when the Persistent Storage is activated:
# Check that the config file has secure ownership and
# permissions. If not, disable the file and create an empty
# file.
refs:
- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/service.py#L218-220
- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file.py#L66-101
This check was copied from the old tps implementation in Perl.
It turns out that in the current implementation, activating a config file with an unexpected owner or unexpected permissions does not raise an InvalidConfigFileError
(and in some other cases a subprocess.CalledProcessError
is raised instead) because we call ConfigFile.parse
before we call ConfigFile.check_file_stat
, which automatically sets permissions and ownership on the file. Relevant code lines:
- Ownership and permissions set after
Unlock
call:- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/service.py#L251-251
- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/service.py#L446-446
- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file.py#L107-107
- https://gitlab.tails.boum.org/tails/tails/blob/a517a88f766d98a44d2df73240d60008dca2d7df/config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file.py#L170-178
-
check_file_stat
called inActivate
call: