Skip to content

πŸ›‘οΈ Sentinel: [CRITICAL] Fix symlink vulnerability in config permissions enforcement #277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
acebytes wants to merge 1 commit into
base: main
Choose a base branch
from
Open

πŸ›‘οΈ Sentinel: [CRITICAL] Fix symlink vulnerability in config permissions enforcement #277

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,7 @@
**Vulnerability:** External shell command executed in `listLocalSnapshots()` triggered a deadlock when `tmutil` output exceeded 64KB, because stdout and stderr were read synchronously inside the process termination handler.
**Learning:** In Swift, reading from a process pipe synchronously inside a `terminationHandler` can result in a permanent deadlock if the child blocks writing to a full pipe, preventing it from exiting.
**Prevention:** Asynchronously drain pipes continuously while the process is running using background queues.
## 2026-05-21 - Insecure Permissions Enforcement via chmod
**Vulnerability:** Enforcing file permissions using `chmod(path, 0o600)` on user-controlled paths (like config files) is vulnerable to symlink attacks. An attacker can swap the file for a symlink to a critical system file, causing the daemon to alter the target's permissions.
**Learning:** `chmod` follows symlinks. Modifying permissions on paths that might be manipulated by lower-privileged users creates a time-of-check to time-of-use (TOCTOU) vulnerability.
**Prevention:** Never use `chmod` on potentially untrusted paths. Instead, use `open()` with the `O_NOFOLLOW` flag to safely obtain a file descriptor, ensuring it's not a symlink, and then use `fchmod()` on the descriptor.
11 changes: 9 additions & 2 deletions Sources/Cacheout/Headless/DaemonMode.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -966,8 +966,15 @@ public actor DaemonMode: StatusSocket.DataSource {
return
}

// Enforce 0600 permissions
chmod(path, 0o600)
// Enforce 0600 permissions safely, preventing symlink attacks
URL(fileURLWithPath: path).withUnsafeFileSystemRepresentation { pathPtr in
guard let ptr = pathPtr else { return }
let fd = open(ptr, O_RDONLY | O_NOFOLLOW)
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Open config fd without requiring read permission

Opening autopilot.json with O_RDONLY | O_NOFOLLOW makes permission repair fail whenever the file exists but is not currently readable (for example mode 0200 or 0000), because open returns EACCES before fchmod can run. That causes the subsequent contents(atPath:) read to fail and the daemon to treat the config as broken, whereas the previous chmod(path, 0o600) path could recover these owner-mispermissioned files. This is a functional regression in config reload behavior for restricted-but-valid files.

Useful? React with πŸ‘Β / πŸ‘Ž.

if fd >= 0 {
fchmod(fd, S_IRUSR | S_IWUSR)
close(fd)
}
}

// Read file
guard let data = FileManager.default.contents(atPath: path) else {
Expand Down
Loading