duncs / clusterssh

Cluster SSH - Cluster Admin Via SSH
https://github.com/duncs/clusterssh/wiki

Do not make files world writable #107

Closed bmwiedemann closed 6 years ago

bmwiedemann commented 6 years ago

If we can chmod it, we own the file, so we only need a writable-bit for the owner, not for everybody.

The permissions are changed back soon after, but it creates a small window for local attackers to insert their stuff into our build results. That makes this a small but easily avoidable security issue.
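
The point made in the comment above, as an added example that is not part of the pull request or the project's code: a Python helper that adds only the owner write bit before rewriting a read-only file and restores the original mode afterwards, so the file is never group- or world-writable during the window. The names `owner_writable` and `rewrite_readonly_file` and the sample file are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def owner_writable(path):
    """Temporarily add only the owner write bit to `path`, then restore its mode."""
    original = stat.S_IMODE(os.stat(path).st_mode)
    # chmod only succeeds for the file's owner (or root), so u+w is all that is
    # needed; group/other write (0o020 / 0o002) is never set, unlike 0666/0777.
    os.chmod(path, original | stat.S_IWUSR)
    try:
        yield path
    finally:
        # Restore the exact original mode even if the write fails.
        os.chmod(path, original)


def rewrite_readonly_file(path, data):
    """Rewrite a read-only file; return the mode observed during the write window."""
    with owner_writable(path):
        during = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "w") as fh:
            fh.write(data)
    return during


def demo():
    # Constructed sample: a read-only file standing in for a generated build result.
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "generated.txt")
        with open(target, "w") as fh:
            fh.write("old\n")
        os.chmod(target, 0o444)
        during = rewrite_readonly_file(target, "new\n")
        after = stat.S_IMODE(os.stat(target).st_mode)
        with open(target) as fh:
            content = fh.read()
    return during, after, content


if __name__ == "__main__":
    during, after, content = demo()
    print(f"during={during:o} after={after:o} content={content!r}")
```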

coveralls commented 6 years ago

Coverage remained the same at 55.356% when pulling 0acfe66a9963a83d71fcc77223663a370149a916 on bmwiedemann:worldwritable into 7670b0be39c20bcc757ad488af6c8afbc4a3c4c0 on duncs:master.