Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.
Apache License 2.0
17.71k
stars
2.39k
forks
source link
Overly permissive file permissions in `luigi/lock.py` #3303
When creating a file, POSIX systems allow permissions to be specified for the owner, group, and others separately. Permissions should be kept as strict as possible, preventing other users from accessing the file's contents. Additionally, they can be used to write and execute malicious code for privileged escalation.
Hi,
I am reporting a potential security with overly permissive file permissions in
https://github.com/spotify/luigi/blob/master/luigi/lock.py#L103
When creating a file, POSIX systems allow permissions to be specified for the owner, group, and others separately. Permissions should be kept as strict as possible, preventing other users from accessing the file's contents. Additionally, they can be used to write and execute malicious code for privileged escalation.
References