cmd/go: GOMODCACHE module version dirs are only readable by owner #42344

Closed
mikesep opened this issue Nov 2, 2020 · 4 comments

mikesep commented Nov 2, 2020

What version of Go are you using (go version)?

$ go version
go version go1.15.3 darwin/amd64

and

$ go version
go version go1.15.3 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/mseplowitz/Library/Caches/go-build"
GOENV="/Users/mseplowitz/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/mseplowitz/gotmp/GOPATH/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/mseplowitz/gotmp/GOPATH"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.15.3/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.15.3/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/mseplowitz/gotmp/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/bs/c274gnpj3h96r_xj2mksfg4w0000gp/T/go-build189744068=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

$ umask
0022

$ mkdir ~/gotmp && cd ~/gotmp
$ mkdir GOPATH src
$ export GOPATH=${PWD}/GOPATH

$ cd src
$ go mod init testmodule
go: creating new go.mod: module testmodule

$ go get github.com/fatih/color
go: downloading github.com/fatih/color v1.10.0
go: github.com/fatih/color upgrade => v1.10.0
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading github.com/mattn/go-isatty v0.0.12
go: downloading golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae

$ ls -l ../GOPATH/pkg/mod/
total 0
drwxr-xr-x 4 mseplowitz staff 128 Nov  2 12:56 cache/
drwxr-xr-x 4 mseplowitz staff 128 Nov  2 12:56 github.com/
drwxr-xr-x 3 mseplowitz staff  96 Nov  2 12:56 golang.org/

$ ls -l ../GOPATH/pkg/mod/github.com/
total 0
drwxr-xr-x 3 mseplowitz staff  96 Nov  2 12:56 fatih/
drwxr-xr-x 4 mseplowitz staff 128 Nov  2 12:56 mattn/

$ ls -l ../GOPATH/pkg/mod/github.com/*
../GOPATH/pkg/mod/github.com/fatih:
total 0
dr-x------ 11 mseplowitz staff 352 Nov  2 12:56 'color@v1.10.0'/

../GOPATH/pkg/mod/github.com/mattn:
total 0
dr-x------ 16 mseplowitz staff 512 Nov  2 12:56 'go-colorable@v0.1.8'/
dr-x------ 20 mseplowitz staff 640 Nov  2 12:56 'go-isatty@v0.0.12'/

What did you expect to see?

I'd like the module version root directories (e.g. $GOMODCACHE/github.com/fatih/color@v1.10.0) to have dr-xr-xr-x (555) permissions so that other users can read the cache.

What did you see instead?

The module root directories are only readable by their owner -- they have dr-x------ (500) permissions. The nearby parent/child directories and files are all world-readable, though.

Per @bcmills, this seems like a nearly identical situation to #40895.

Author

mikesep commented Nov 2, 2020

I think I figured out why this happens.

tmpDir, err := ioutil.TempDir(parentDir, tmpPrefix)
if err != nil {
	return "", err
}
if err := modzip.Unzip(tmpDir, mod, zipfile); err != nil {
	fmt.Fprintf(os.Stderr, "-> %s\n", err)
	RemoveAll(tmpDir)
	return "", err
}
if err := robustio.Rename(tmpDir, dir); err != nil {
	RemoveAll(tmpDir)
	return "", err
}

ioutil.TempDir creates directories with 0700 permissions, not the defaults that os.Mkdir would give you. The directory is renamed (moved) as-is into place, so it retains these narrow permissions.

The code in the other branch of if unzipInPlace { ... doesn't have the same problem -- if I set GODEBUG=modcacheunzipinplace=1, I get dr-xr-xr-x / 0555 dirs. Looks like the old code branch was removed entirely in 507a88c, and I can confirm that gotip (go version devel +05e6d28 Mon Nov 2 11:14:49 2020 darwin/amd64) also gives me world-readable directories.
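
The behaviour described in the comment above, reproduced as an added example that is not part of the original thread or of cmd/go. The names extractViaTemp and fixMode and the 0755 value are assumptions made for the illustration; os.MkdirTemp is the current equivalent of ioutil.TempDir and also creates the directory with mode 0700.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// extractViaTemp follows the quoted pattern: fill a temp dir (one constructed
// file stands in for modzip.Unzip), then rename it into place. A non-zero
// fixMode is chmod'ed on first (hypothetical fix); the final mode is returned.
func extractViaTemp(parent, name string, fixMode fs.FileMode) (fs.FileMode, error) {
	tmp, err := os.MkdirTemp(parent, ".tmp-") // mode 0700, same as ioutil.TempDir
	if err != nil {
		return 0, err
	}
	if err := os.WriteFile(filepath.Join(tmp, "go.mod"), []byte("module example\n"), 0444); err != nil {
		os.RemoveAll(tmp)
		return 0, err
	}
	if fixMode != 0 {
		if err := os.Chmod(tmp, fixMode); err != nil { // exact bits, umask not applied
			os.RemoveAll(tmp)
			return 0, err
		}
	}
	dst := filepath.Join(parent, name)
	if err := os.Rename(tmp, dst); err != nil { // rename keeps the directory's mode
		os.RemoveAll(tmp)
		return 0, err
	}
	info, err := os.Stat(dst)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

func main() {
	parent, err := os.MkdirTemp("", "modcache-demo-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(parent)
	for _, mode := range []fs.FileMode{0, 0755} {
		got, err := extractViaTemp(parent, fmt.Sprintf("mod@%o", mode), mode)
		fmt.Printf("fixMode=%04o -> %v (err=%v)\n", mode, got, err)
	}
}
```

Without the chmod the renamed directory stays owner-only even under umask 0022, which matches the dr-x------ listing in the report once the cache is made read-only.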

Contributor

bcmills commented Nov 2, 2020

Ooh, nice!

Does that mean that GODEBUG=modcacheunzipinplace=1 works as a workaround, too?

Author

mikesep commented Nov 2, 2020

> Does that mean that GODEBUG=modcacheunzipinplace=1 works as a workaround, too?

Yep, seems so.

@bcmills bcmills added this to the Go1.16 milestone Nov 2, 2020
Contributor

bcmills commented Nov 2, 2020

Nice. In that case, closing as fixed at head.
