Skip to content

fix: guard os.chmod(path.parent, 0o700) against system directories#26003

Closed
zccyman wants to merge 1 commit into
NousResearch:mainfrom
atyou2happy:fix/25821-safe-chmod-parent
Closed

fix: guard os.chmod(path.parent, 0o700) against system directories#26003
zccyman wants to merge 1 commit into
NousResearch:mainfrom
atyou2happy:fix/25821-safe-chmod-parent

Conversation

@zccyman

@zccyman zccyman commented May 14, 2026

Copy link
Copy Markdown
Contributor

Problem

os.chmod("/", 0o700) strips world-traversable permission from the root inode, breaking DNS, networking, journald, Docker, and most system services. This can happen when path.parent resolves to / (e.g. writing to /.hermes_tokens).

Fix

Add safe_chmod_parent() in agent/file_safety.py that:

  • Blocks chmod on / and 13 well-known system directories
  • Verifies parent exists and is a directory
  • Silently skips on failure (logs warning, no exception raised)

Replace all 5 os.chmod(path.parent, 0o700) call sites:

  • agent/google_oauth.py: Google OAuth credentials path
  • tools/mcp_oauth.py: MCP OAuth token path
  • hermes_cli/auth.py: auth store, Qwen CLI tokens, Nous shared store

Testing

  • 19 tests: all pass
  • Covers: normal chmod, root skip, 13 system dir skip, nonexistent parent, OSError, nested dirs

Closes #25821

@zccyman
fix: guard os.chmod(path.parent, 0o700) against system directories
f2cf601 
os.chmod("/", 0o700) strips world-traversable permission from the root
inode, breaking DNS, networking, journald, Docker, and most system
services. This can happen when path.parent resolves to / (e.g. writing
to /.hermes_tokens).

Add safe_chmod_parent() in agent/file_safety.py that:
- Blocks chmod on / and 13 well-known system directories
- Verifies parent exists and is a directory
- Silently skips on failure (logs warning, no exception)

Replace all 5 os.chmod(path.parent, 0o700) call sites:
- agent/google_oauth.py: credentials path
- tools/mcp_oauth.py: OAuth token path
- hermes_cli/auth.py: auth store, Qwen CLI, Nous shared store

Closes NousResearch#25821
@alt-glitch alt-glitch added type/security Security vulnerability or hardening comp/agent Core agent loop, run_agent.py, prompt builder comp/cli CLI entry point, hermes_cli/, setup wizard area/auth Authentication, OAuth, credential pools P1 High — major feature broken, no workaround labels May 15, 2026
@alt-glitch

alt-glitch commented May 15, 2026

Copy link
Copy Markdown
Collaborator

Duplicate of #25841 and #25831 — both add a safe-chmod-parent guard to prevent os.chmod(path.parent, 0o700) from bricking the host when parent resolves to / or system dirs. All three fix #25821.

@zccyman

zccyman commented May 15, 2026

Copy link
Copy Markdown
Contributor Author

Thanks @alt-glitch for the catch. Duplicate of #25841/#25831 — both guard os.chmod(path.parent, 0o700) against system directories. Closing in favor of #25841.

@zccyman zccyman closed this May 15, 2026
@alt-glitch alt-glitch mentioned this pull request May 17, 2026
Closed
@teknium1 teknium1 mentioned this pull request May 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/auth Authentication, OAuth, credential pools comp/agent Core agent loop, run_agent.py, prompt builder comp/cli CLI entry point, hermes_cli/, setup wizard P1 High — major feature broken, no workaround type/security Security vulnerability or hardening

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: os.chmod(path.parent, 0o700) bricks host when path.parent resolves to /

2 participants

@zccyman @alt-glitch