work with the file without restriction of rights.
ihsinme opened this issue · 1 comments
ihsinme commented
I may be wrong, but I see in your code working with a file without setting permissions. This can lead to a security problem, both by the vector of confidentiality (access to information) and by the vector of accessibility (for example, when using links).
I suggest considering setting limits using umask (0022)
and chmod (..., 0644)
Line 112 in a3b15fd
okbob commented
On Fri, Dec 3, 2021 at 17:20, ihsinme ***@***.***> wrote:
> I may be wrong, but I see in your code working with a file without setting
> permissions. this can lead to a security problem. both by the vector of
> confidentiality (access to information) and by the vector of accessibility
> (for example, when using links).
> I suggest considering setting limits using umask (0022) and chmod (...,
> 0644)
> https://github.com/okbob/pspg/blob/a3b15fdad70123bb0b82f4b7df668c25029d6dfd/src/config.c#L112
Today the config file contains zero security-sensitive information - but
maybe for future I applied your proposed changes
fa0ca79
Thank you for the tip
Regards
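An added example, not pspg's code and not the commit referenced in the thread: one way to apply the suggested `umask(0022)` and mode `0644` when writing a config file in C. The function names and the sample path are hypothetical; it uses `fchmod()` on the open descriptor in place of `chmod()` on the path, and adds `O_NOFOLLOW` so that a symlink at the final path component is refused.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write `text` to `path`, leaving the file at mode 0644. */
int write_config_0644(const char *path, const char *text)
{
    mode_t old = umask(0022);            /* mask group/other write bits on create */
    /* O_NOFOLLOW: open() fails (ELOOP) if the last path component is a symlink */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    umask(old);                          /* restore the caller's mask */
    if (fd < 0)
        return -1;
    int rc = 0;
    /* The mode argument of open() applies only to newly created files;
       fchmod() also narrows a pre-existing file and acts on the fd, not the path. */
    if (fchmod(fd, 0644) != 0)
        rc = -1;
    size_t left = strlen(text);
    while (rc == 0 && left > 0) {        /* handle short writes */
        ssize_t n = write(fd, text, left);
        if (n < 0) { rc = -1; break; }
        text += n;
        left -= (size_t)n;
    }
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* Permission bits of `path` itself (lstat does not follow links), or -1. */
int file_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    const char *path = "/tmp/example_config.conf";   /* constructed sample path */
    int rc = write_config_0644(path, "theme = 1\n");
    printf("rc=%d mode=%04o\n", rc, rc == 0 ? (unsigned)file_mode(path) : 0u);
    return rc == 0 ? 0 : 1;
}
```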