[Security] File Permissions Not Enforced for Sensitive Files #3002

@engrahsaninam


Severity: Low

Description

Some file creation operations may not set restrictive permissions, potentially allowing other users on the system to read sensitive configuration or credential files.

Location

  • Various file creation operations throughout the codebase

Risk

Sensitive files (config, credentials, tokens) may be readable by other users on multi-user systems.

Recommendation

  • Ensure sensitive files are created with restrictive permissions (e.g., 0600)
  • Audit existing configuration files for proper permissions
  • Add permission checks on startup for critical files
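
One way to implement the recommendations above, as an added example that is not part of the original issue and is not the project's own code. Python is an assumption (the issue names no language), and `write_sensitive`, `check_permissions` and the file names are hypothetical.

```python
import contextlib
import os
import stat
import tempfile


def write_sensitive(path, data):
    """Create or replace `path` with mode 0600, whatever the umask or old mode."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp opens with O_EXCL and mode 0600, so the secret is never written
    # to a file that group/other can read, even briefly.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        # Atomic rename: an existing file with loose permissions is replaced,
        # not reused (open() with a mode argument leaves an old mode unchanged).
        os.replace(tmp, path)
    except BaseException:
        with contextlib.suppress(FileNotFoundError):
            os.unlink(tmp)
        raise


def check_permissions(path, uid=None):
    """Startup check: return a list of problems, empty if the file is acceptable."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != uid:
        problems.append("owned by uid %d" % st.st_uid)
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        problems.append("group/other bits set: %04o" % extra)
    return problems


if __name__ == "__main__":
    target = os.path.join(tempfile.mkdtemp(), "credentials.json")  # constructed path
    write_sensitive(target, b'{"token": "example-not-a-real-secret"}')
    print(target, check_permissions(target) or "ok")
```

The same `check_permissions` call covers both the one-off audit of existing files and the startup check; what to do on a non-empty result (refuse to start, warn, or tighten the mode) is a policy choice the issue leaves open.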


Labels: bug (Something isn't working)
