From df987902069c14392db3a502b398ef4b46cb021f Mon Sep 17 00:00:00 2001
From: Scott Kuhl
Date: Fri, 24 Jun 2022 11:02:40 -0400
Subject: [PATCH] Fix incorrect permissions for /etc/hosts If we modify /etc/hosts, we read/copy the ownership and permissions from the existing /etc/hosts before we make our new temporary file which will eventually overwrite /etc/hosts. If we fail to retrieve the permissions of the existing /etc/hosts file, we made the temporary file owned by root 0o600 permissions. It should have 0o644 permissions so that /etc/hosts has the correct permissions once we rename it. It is unlikely many encoutered this bug since most machines have /etc/hosts prior to sshuttle running and we should be able to read the permission/ownership of that existing file.
---
 sshuttle/firewall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sshuttle/firewall.py b/sshuttle/firewall.py
index 0e060e2..b184d9b 100644
--- a/sshuttle/firewall.py
+++ b/sshuttle/firewall.py
@@ -51,7 +51,7 @@ def rewrite_etc_hosts(hostmap, port):
 os.chmod(tmpname, st.st_mode)
 else:
 os.chown(tmpname, 0, 0)
- os.chmod(tmpname, 0o600)
+ os.chmod(tmpname, 0o644)
 try:
 os.rename(tmpname, HOSTSFILE)
 except OSError:
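Review bot: The fallback mode `0o644` in the `else:` branch is a bare literal with nothing in the code saying why the file must be world-readable, so the reasoning lives only in the commit message. I would add above the two fallback calls `# No existing hosts file to copy from: root-owned, world-readable (0o644) so unprivileged processes can still resolve names after the rename.` The sibling branch copies `st.st_mode` verbatim, so a hosts file that was already group- or world-writable would presumably keep that mode on the replacement; that is outside this change but worth confirming. rewrite_etc_hosts starts above and continues below this hunk, so how `tmpname` is created and what mode it has before the chmod is not visible here.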