Conversation
Restricted session file permissions to 0o600 on Unix-like systems to prevent unauthorized access to sensitive session data (tokens, database passphrases). This uses `tokio::fs::OpenOptions` for atomic file creation with restricted mode. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task.
Restricted session file permissions to 0o600 on Unix-like systems to prevent unauthorized access to sensitive session data (tokens, database passphrases). This uses `tokio::fs::OpenOptions` for atomic file creation with restricted mode. Fixed unused import warning by removing explicit import of `OpenOptionsExt` as `mode` is inherent on `tokio::fs::OpenOptions` in recent versions. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
Restricted session file permissions to 0o600 on Unix-like systems to prevent unauthorized access to sensitive session data. This change introduces a platform-agnostic `write_to_file_securely` utility in `src/persistence/utils.rs` that encapsulates the platform-specific permission logic. It uses `tokio::fs::OpenOptions::mode` for atomic creation and `File::set_permissions` for existing files. This approach avoids platform-specific code in the main application logic (`matrix_state.rs`) and fixes unused import warnings on Unix systems. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
Secured session file storage by ensuring files are readable/writable only by the owner (0o600 permissions on Unix). This implementation uses the `tempfile` crate to perform atomic writes via a temporary file, which is then persisted to the target path. The approach is fully platform-agnostic and avoids all platform-specific `cfg` blocks in the codebase, delegating platform details to the dependency. Added `tempfile` dependency and introduced `src/persistence/utils.rs` with `write_to_file_securely`. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
Secured session file storage with 0o600 permissions using `tempfile` for cross-platform support. Introduced `src/persistence/utils.rs` with `write_to_file_securely` to handle atomic writes via temporary files. This implementation is fully platform-agnostic (no `cfg` attributes), handles Windows file overwrites by retrying after deletion, and fixes `clippy::io_other_error` lints. Updated `src/persistence/matrix_state.rs` to use this new utility. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
Implemented secure session file storage using the `tempfile` crate to ensure atomic writes with restricted permissions (0o600 on Unix, secure defaults on Windows). This solution avoids all platform-specific `cfg` blocks in the codebase, adhering to the project's portability requirements. Added `src/persistence/utils.rs` with `write_to_file_securely`, which handles atomic writes via temporary files and includes retry logic for Windows file overwrite conflicts. Fixed Clippy lints (`io_other_error`, `unused_mut`, `redundant_closure`) to ensure CI pass. Co-authored-by: kevinaboos <1139460+kevinaboos@users.noreply.github.com>
this is wrong
I apologize for the ambiguity. I suspect this comment refers to the usage of
🛡️ Sentinel: [CRITICAL/HIGH] Fix insecure file permissions on session storage
🚨 Severity: HIGH
💡 Vulnerability: Session files containing sensitive data (DB passphrase, access tokens) were created with default permissions (usually 644), allowing other users on the system to read them.
🎯 Impact: Local attackers could read the session file, extract the database passphrase and access token, and compromise the user's account and encrypted message history.
🔧 Fix: Updated `src/persistence/matrix_state.rs` to use `tokio::fs::OpenOptions` with `.mode(0o600)` on Unix systems, ensuring only the owner can read/write the file.
✅ Verification: Verified via a reproduction script that `tokio::fs::write` creates world-readable files and `OpenOptions` with `mode(0o600)` creates owner-only files. Code reviewed for correctness.
PR created automatically by Jules for task 82378198652729906 started by @kevinaboos
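The two ideas the commit messages and the Sentinel report describe, creating the session file with mode 0o600 from the first instant it exists and replacing it atomically through a temporary sibling, are shown below in an added example written for this page. It is not the PR's own `write_to_file_securely`, which relies on `tokio` and the `tempfile` crate; this version uses only the Rust standard library (`std::fs::OpenOptions` plus `OpenOptionsExt::mode` on Unix, and `fs::rename`) so it runs without dependencies. The function name, the temp-file naming scheme and the remove-then-rename fallback are assumptions made for the example, the fallback being a hand-written stand-in for the retry-after-deletion behaviour the later commits mention for Windows.

```rust
// Added example, not the PR's code: owner-only (0o600) atomic file write
// using only the standard library. Assumptions: same-directory temp sibling,
// rename for publication, remove-then-rename fallback if rename is refused.
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::path::{Path, PathBuf};
#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;

/// Temporary sibling in the same directory as `target`; rename is only
/// atomic when source and destination share a filesystem.
pub fn temp_sibling(target: &Path) -> PathBuf {
    let name = target.file_name().and_then(|n| n.to_str()).unwrap_or("session");
    let dir = target.parent().unwrap_or_else(|| Path::new("."));
    dir.join(format!(".{}.{}.tmp", name, std::process::id()))
}

/// Write everything and flush it to disk before the file is published.
fn write_all_synced(mut file: File, data: &[u8]) -> io::Result<()> {
    file.write_all(data)?;
    file.sync_all()
}

/// Write `data` to `target` so the file is never observable with permissive
/// bits (created as 0o600 on Unix) and readers never see a partial file.
pub fn write_to_file_securely(target: &Path, data: &[u8]) -> io::Result<()> {
    let tmp = temp_sibling(target);
    // A stale temp file from a crashed earlier run would make create_new fail.
    let _ = fs::remove_file(&tmp);

    let mut opts = OpenOptions::new();
    // create_new: fail instead of following a pre-existing file or symlink.
    opts.write(true).create_new(true);
    #[cfg(unix)]
    opts.mode(0o600); // applied at creation; umask can only clear further bits
    let file = opts.open(&tmp)?;

    if let Err(e) = write_all_synced(file, data) {
        let _ = fs::remove_file(&tmp);
        return Err(e);
    }

    // POSIX rename replaces the target atomically. If the platform refuses
    // because the target already exists (the Windows conflict the PR retries
    // after deletion), remove it and try once more.
    match fs::rename(&tmp, target) {
        Ok(()) => Ok(()),
        Err(_) if target.exists() => {
            fs::remove_file(target)?;
            fs::rename(&tmp, target).map_err(|e| {
                let _ = fs::remove_file(&tmp);
                e
            })
        }
        Err(e) => {
            let _ = fs::remove_file(&tmp);
            Err(e)
        }
    }
}

/// Permission bits (mode & 0o777) of `path`, for checking the result.
#[cfg(unix)]
pub fn permission_bits(path: &Path) -> io::Result<u32> {
    use std::os::unix::fs::PermissionsExt;
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    // Constructed sample session blob; a real one holds tokens and passphrases.
    let target = std::env::temp_dir().join("example_session.json");
    write_to_file_securely(&target, br#"{"access_token":"constructed-token"}"#)?;
    #[cfg(unix)]
    println!("mode of {:?}: {:o}", target, permission_bits(&target)?);
    fs::remove_file(&target)
}
```

The check a reviewer would run against the PR's version is the same as the one in `main` here: after the write, `stat` the file and confirm the bits are exactly 0o600 both on first creation and after an overwrite, since a file that already exists with 0o644 keeps those bits if the code merely opens and truncates it rather than replacing it.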