site_cache_dir: Use /var/cache again instead of /var/tmp on UNIX
#239
Conversation
This directory was changed from /var/cache to /var/tmp in tox-dev#148 due to permissions issues. However, /var/tmp is an insecure location to store anything with a predictable filename, because any other user could have written it first. This leads to vulnerabilities categorized under CWE-377 and CAPEC-149. To deal with the permissions issues, applications should put their own cache data in a subdirectory of /var/cache (e.g. /var/cache/cups), and the application’s package is responsible for ensuring the subdirectory exists and giving it the correct permissions. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
requested review from
gaborbernat,
ofek,
Julian and
RonnyPfannschmidt
as code owners
|
site_cache_dir on both windows and mac are writable by regular users, while Maybe this should be a new opt-in option? |
Please correct me if I'm wrong, but seems like permissions of the base dir (/var/cache vs /var/tmp) don't really prevent users from creating those vulnerabilities, as they still need to handle file permissions correctly when creating files/subdirs. But using /var/cache makes it so that no regular user can create anything in /var/cache without additional privileges, thus forcing the application to be installed with sudo, which is inconsistent with site_cache_dir on other platforms. |
|
@efiop On Windows, On Unix, a subdirectory of |
|
Good point about Indeed, looks like I'm in the wrong here. Not sure if platformdirs has a procedure for breaking changes like this. We'll need some help from maintainers here. |
|
Because this is a fairly recent feature, I am okay too. Make this change now. I might make it a new major release just in case. But please feel free to go ahead. |
|
A major release would indeed be great and would allow us to migrate gracefuly. |
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [platformdirs](https://github.com/platformdirs/platformdirs) | `==3.11.0` -> `==4.0.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>platformdirs/platformdirs (platformdirs)</summary> ### [`v4.0.0`](https://github.com/platformdirs/platformdirs/releases/tag/4.0.0) [Compare Source](https://github.com/platformdirs/platformdirs/compare/3.11.0...4.0.0) <!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed - site_cache_dir: Use `/var/cache` again instead of `/var/tmp` on UNIX by [@​andersk](https://github.com/andersk) in [https://github.com/platformdirs/platformdirs/pull/239](https://github.com/platformdirs/platformdirs/pull/239) #### New Contributors - [@​andersk](https://github.com/andersk) made their first contribution in [https://github.com/platformdirs/platformdirs/pull/239](https://github.com/platformdirs/platformdirs/pull/239) **Full Changelog**: tox-dev/platformdirs@3.11.0...4.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/hugovk/pypistats). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
](https://renovatebot.com){kind=link}
This directory was changed from
/var/cacheto/var/tmpin #148 due to permissions issues. However,/var/tmpis an insecure location to store anything with a predictable filename, because any other user could have written it first. This leads to vulnerabilities categorized under CWE-377 and CAPEC-149.To deal with the permissions issues, applications should put their own cache data in a subdirectory of
/var/cache(e.g./var/cache/cups), and the application’s package is responsible for ensuring the subdirectory exists and giving it the correct permissions.