Sublime Forum

Files written to /dev/shm are not private to user


Certain features in sublime_text for Linux (such as the indexing engine) cause sublime to create files in /dev/shm.

Right now, these files appear to have permissions dictated by the default group and umask of the user. On a shared system where users share a group and have umask 0022 or 0027, this means that these files can be read by other users with the same default group. This presents a potential privacy concern.

Could all files written to /dev/shm be written with umask 0077 so that only the user who created them can read them?



Would that not be controlled by the umask that your user profile is setting up? I wold guess that in a nutshell should you want it to be a different mask than you would generally use, you could update the launcher shortcut to something like umask 0077 && sublime_text or similar?



Setting the umask in a wrapper script would fix the protections on these /dev/shm files, but it would prevent sublime_text from creating and saving files with group read permission enabled, which users would generally expect on a system where the default umask is 0022 or 0027.

For example, say we have users A, B, C on our system with default group “shared” and default umask 0027. Users A and B also have a group “admin” and both contribute to an admin directory with permissions 2750 (so new files in the directory automatically get group admin). Right now user A could open sublime and save a new file to the admin directory and it would automatically have group “admin” and group read permission as desired. If we wrapped sublime_text in a script that set the umask to 0077, it would be much more likely that A would create a file intended for B to read but that B can’t actually read.



That’s probably worth an issue.



Thanks! Submitted.