INTERNAL_TOKEN_URI needlessly opened as RW

[mapreri]

gitea/modules/setting/setting.go

Line 1039 in 7ce938b

fp, err := os.OpenFile(tempURI.RequestURI(), os.O_RDWR, 0600)

func loadInternalToken(sec *ini.Section) string {
...
	switch tempURI.Scheme {
	case "file":
		fp, err := os.OpenFile(tempURI.RequestURI(), os.O_RDWR, 0600)
		if err != nil {
			log.Fatal("Failed to open InternalTokenURI (%s): %v", uri, err)
		}
...

Using O_RDWR is not really useful here. I think that it should be possible to make it only O_RDONLY.

I spotted this as I tried to make the file 0400 and gitea failed to start.

Thanks for considering.

[wxiaoguang]

But the logic is: if the file doesn't exist, Gitea will try to generate a new secret and write it into the file.

[mapreri]

Right, so gitea can try to open the file (RO), if ENOENT then create with the content (and close it, it's not even needed to read the file then anyway). Imho if the file exists but doesn't contain the token gitea could just error out (didn't go check if this marches the current behaviour), or could try to re-open the file as RW as needed if that's the current behaviour for "file present but empty" and you want to keep it. (I'm not proposing a patch because I really have no expirience with go (which is something I should fix..), and also because I don't have time to try figure out how to build the project and test such change. )

…

On Mon, 7 Feb 2022, 3:30 pm wxiaoguang, ***@***.***> wrote: But the logic is: if the file doesn't exist, Gitea will try to generate a new secret and write it into the file. — Reply to this email directly, view it on GitHub <#18655 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAL7FE3TX4LK6ZJ4O22VVSTUZ7JPPANCNFSM5NXCWUKQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[mapreri]

Thank you!!

[mmoya]

Can #18657 be backported to 1.6?

gitea 1.6.5 fails to start in kubernetes when INTERNAL_TOKEN_URI is pointing to a file mounted from a readonly secret. The error is ...s/setting/setting.go:1085:loadInternalToken() [F] Failed to open InternalTokenURI (file:/etc/gitea/secrets/internal-token): open /etc/gitea/secrets/internal-token: permission denied

[lunny]

Can #18657 be backported to 1.6?

gitea 1.6.5 fails to start in kubernetes when INTERNAL_TOKEN_URI is pointing to a file mounted from a readonly secret. The error is ...s/setting/setting.go:1085:loadInternalToken() [F] Failed to open InternalTokenURI (file:/etc/gitea/secrets/internal-token): open /etc/gitea/secrets/internal-token: permission denied

Will be released in v1.16.6