Skip to content

Harden daemon control-file permissions#176

Open
paulsmith wants to merge 1 commit into
mainfrom
codex/daemon-control-file-permissions
Open

Harden daemon control-file permissions#176
paulsmith wants to merge 1 commit into
mainfrom
codex/daemon-control-file-permissions

Conversation

@paulsmith

Copy link
Copy Markdown
Collaborator

Summary

  • Harden the daemon control directory, PID file, and Unix socket to owner-only permissions.
  • Add regression tests covering daemon dir, PID file, and socket-path permissions.

Why

The local daemon exposes unauthenticated control RPCs, so permissive filesystem modes weakened the boundary around that control surface.

Verification

cd clicker && GOCACHE=/tmp/vibium-gocache go test ./internal/daemon
cd clicker && GOCACHE=/tmp/vibium-gocache go test ./...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant