Closed ihsinme closed 2 years ago
Fri, Dec 3, 2021 at 17:20, ihsinme @.***> wrote:
I may be wrong, but I see in your code working with a file without setting permissions. This can lead to a security problem, both by the vector of confidentiality (access to information) and by the vector of accessibility (for example, when using links). I suggest considering setting limits using umask (0022) and chmod (..., 0644)
https://github.com/okbob/pspg/blob/a3b15fdad70123bb0b82f4b7df668c25029d6dfd/src/config.c#L112
Today the config file contains zero security-sensitive information, but, maybe for the future, I applied your proposed changes
fa0ca79b7d06ce482db684a3d03e19e60ab76f56
Thank you for the tip
Regards
I may be wrong, but I see in your code working with a file without setting permissions. This can lead to a security problem, both by the vector of confidentiality (access to information) and by the vector of accessibility (for example, when using links). I suggest considering setting limits using umask (0022) and chmod (..., 0644)
https://github.com/okbob/pspg/blob/a3b15fdad70123bb0b82f4b7df668c25029d6dfd/src/config.c#L112
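An added example for readers of this thread, not pspg's code and not the contents of the fix commit: one way to write a config file so it ends up with mode 0644 whatever the caller's umask is, and so a symlink planted at the path is refused. It uses open() with O_NOFOLLOW plus fchmod() on the descriptor as a variant of the umask/chmod pair suggested in the issue; the function names, the file name `example.conf` and the sample setting are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write text to path as a config file with mode 0644.
 * Returns 0 on success, -1 on error (errno is set). Hypothetical helper. */
int save_config_file(const char *path, const char *text)
{
    /* O_NOFOLLOW: fail (ELOOP) if the last path component is a symlink,
     * so a planted link cannot redirect the write to another file. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    /* The mode given to open() is filtered by the process umask and is
     * ignored when the file already exists, so set it on the descriptor. */
    if (fchmod(fd, 0644) != 0) {
        close(fd);
        return -1;
    }
    size_t len = strlen(text);
    while (len > 0) {
        ssize_t n = write(fd, text, len);
        if (n < 0) { close(fd); return -1; }
        text += n;
        len -= (size_t) n;
    }
    return close(fd);
}

/* Permission bits of path itself (links are not followed), or -1. */
int file_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) != 0 ? -1 : (int) (st.st_mode & 07777);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "example.conf"; /* constructed name */
    if (save_config_file(path, "theme = 1\n") != 0) { perror(path); return 1; }
    printf("%s mode %04o\n", path, (unsigned) file_mode(path));
    return 0;
}
```

Working on the open descriptor with fchmod() rather than on the path with chmod() means the permission change applies to the file that was actually opened.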