Handling changed file permissions  #2285

@liamsi

In autofile and in fsdb, files are created with read-write permissions for the file owner (0600). If they are opened again, we do not check if the same restrictive file permissions still hold:

```go
func (af *AutoFile) openFile() error {
	file, err := os.OpenFile(af.Path, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
	if err != nil {
		return err
	}
	af.file = file
	return nil
}
```

and:

tendermint/libs/db/fsdb.go

Lines 202 to 206 in 013b9ce

```go
func write(path string, d []byte) error {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, keyPerm)
	if err != nil {
		return err
	}
```

We should at least check that the permissions did not change (e.g. by accident) and enforce the intended perms (via chmod). Another approach would be to error in this case and tell the user to change the file perms (to make the user aware that sth. funky has happened here).

Will submit a small PR for both cases which silently fixes the permissions in case they were changed.

(see https://github.com/tendermint/security/issues/5 and https://github.com/tendermint/security/issues/1)

Labels: C:libs (Component: Library), T:security (Type: Security (specify priority))
