fix(security): atomic hub-auth-token writes (P1-5)
Some checks failed
Security / Security check (push) Failing after 1s
Some checks failed
Security / Security check (push) Failing after 1s
`hub_auth_token.dart` write() previously did
await f.writeAsString(token); // file is now 0644 (umask)
await Process.run('chmod', ['600', f.path]);
which leaves a TOCTOU window where the file is world-readable
between the writeAsString and the chmod call. On a multi-user
host another user could read the bearer token during that
window.
New flow:
await tmp.writeAsString(token); // .tmp file
await chmod(600, tmp.path); // restrict mode FIRST
await tmp.rename(f.path); // atomic POSIX rename
The destination is never visible with permissive perms. Also
sets `~/.fai/` itself to 0700 on Unix on first creation so
other users on a shared host can't enumerate the directory.
dart analyze clean; flutter test green (12 tests).
Bumped pubspec to 0.49.1.
Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
parent
23529bae82
commit
1c306916aa
2 changed files with 46 additions and 9 deletions
|
|
@ -1,7 +1,7 @@
|
|||
name: fai_studio
|
||||
description: "F∆I Studio — desktop GUI for the F∆I hub"
|
||||
publish_to: 'none'
|
||||
version: 0.49.0
|
||||
version: 0.49.1
|
||||
|
||||
environment:
|
||||
sdk: ^3.11.0-200.1.beta
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue