sentry-native database permissions on OSX

[bgedzior-logi]

I work on a project that uses a user-space process communicating with a service running with elevated privileges. For both processes sentry is configured sentry. However, in certain cases, the automatic transport of the crashes to the server is disabled. For that cases there's a shell script that takes crashdumps from database/completed, then zips them to allows user to send us (developers) for analysis.

The problem is that database folder has permissions, that allow only the owner to see the files inside. And for the elevated service, database path owner is a root, hence we cannot copy the dumps with the script run by a regular user.

My question is about my idea to solve the issue. I was thinking that after I launch the sentry, I could change the permissions for database folder allowing anyone to read it. I'm, however, concerned about possible security issues. This folder has that permissions for some reason, and I'm simply worried that changing permissions wouldn't be a security hole.

Is my solution correct, or would someone suggest something else?

[supervacuus]

My question is about my idea to solve the issue. I was thinking that after I launch the sentry, I could change the permissions for database folder allowing anyone to read it.

Even if you change the permissions of the database path after Sentry is initialized, the user executing the process will also own every subsequent file written to that directory.

I'm, however, concerned about possible security issues. This folder has that permissions for some reason, and I'm simply worried that changing permissions wouldn't be a security hole.

The folder has these permissions because the process is executed by root. The user who runs the process will own every file it creates. This is a sensible default because if your process runs with elevated privileges, the files it creates should also require that level of access. Whether that is a security risk is hard to answer for us. The right person to answer this is the one who runs the process with elevated privileges.

You have essentially two options:

• you can limit the process to a user without elevated privileges (and give the process explicit permissions rather than running it as root). I cannot say if that is applicable in your case. But generally, the lower the privileges, the better when executing any process from a security POV.
• you can leave the process permission setup and modify your script to change ownership to a user with lower privileges. But then the script must be run as root. Or you wrap your privileged process in a script that changes ownership of the sentry database directory after the process is terminated.

Again, the latter should be clarified with the peeps requiring elevated security for that process in the first place. However, the database path only has those permissions because a particular user executes the process. The SDK does not change the permissions in any way.

[bgedzior-logi]

Great thanks for the reply. However, I have another question.

The app I work on is being automatically restarted after crash. So I came up with the following idea: after restart, we will start the sentry again, and (given that my process is elevated), I can move completed dumps to other, readable directory and change permissions of the dump files. I have, however, one concern about this it, so let's follow the scenario:

1. App crashes
2. crashpad handler starts collecting data, which end with moving the dumps to 'completed' folder
3. About the same time app gets restarted and tries to init sentry with a crashpad handler. It's using the same sentry database directory

So we have a possible conflict/race condition. Old crashpad instance might not finish the work with previous crash, whereas new app instance wants to start another sentry/crashapd instance.

How will sentry/crashpad handler behave it such situation? Will it automatically synchronise and wait for previous instance to finish, or should I sync it manually, e.g. by observing running processes?

Forgive me if my questions are silly, I definitely lack the knowledge of sentry/crashpad handler operation.