nightshift/security: apply completeFileProtection to image snippet files #1
Open
Image snippets could contain screenshots of sensitive content. The snippets.json was already protected with .completeFileProtection but the per-image PNG files in the images/ subdirectory were not, leaving them readable while the device is locked. Apply .completeFileProtection to each PNG immediately after writing it, and tighten the images/ directory itself to 0700 (matching snippyDir).
Summary
Image snippets (screenshots pasted via ⌘V) are stored as PNG files in ~/Library/Application Support/Snippy/images/. These files were written with plain Data.write(to:) — no file-protection class — leaving them readable at the OS level while the device is locked, unlike snippets.json which already used .completeFileProtection.

Risk
A user who stores a screenshot of a password, token, or other sensitive content as an image snippet has that image accessible to any process with the same sandbox entitlements while the Mac is locked or in screensaver mode. The snippets.json was already guarded but image files were not, creating an inconsistent protection boundary.

Fix
- addImage(_:) now writes with options: [.atomic, .completeFileProtection] (matching the pattern used for snippets.json)
- 0o600 POSIX permissions after write
- images/ directory itself is set to 0o700 in init(), matching snippyDir

No logic changes — purely write-option additions.

Verification
Review the two changed call sites in SnippetStore.swift:
- init() — added setAttributes([.posixPermissions: 0o700], … imagesDir)
- addImage(_:) — pngData.write(to: fileURL, options: [.atomic, .completeFileProtection]) + setAttributes([.posixPermissions: 0o600], …)
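
The write pattern described in this PR, with a check that reads the resulting attributes back, as an added Swift example that is not Snippy's code. The helper names `writeProtectedImage` and `auditImages`, the temporary directory and the sample bytes are assumptions made for illustration, and the code assumes a macOS 11 or later deployment target.

```swift
import Foundation

// Hypothetical helper (not Snippy's SnippetStore): write image bytes as the PR describes.
func writeProtectedImage(_ data: Data, named name: String, in imagesDir: URL) throws -> URL {
    let fm = FileManager.default
    try fm.createDirectory(at: imagesDir, withIntermediateDirectories: true)
    // Re-apply 0o700 every time so a directory created earlier with looser bits is tightened.
    try fm.setAttributes([.posixPermissions: 0o700], ofItemAtPath: imagesDir.path)
    let fileURL = imagesDir.appendingPathComponent(name)
    try data.write(to: fileURL, options: [.atomic, .completeFileProtection])
    try fm.setAttributes([.posixPermissions: 0o600], ofItemAtPath: fileURL.path)
    return fileURL
}

// Hypothetical audit: list entries whose mode or protection class is weaker than expected.
func auditImages(in imagesDir: URL) throws -> [String] {
    let fm = FileManager.default
    var findings: [String] = []
    func mode(_ path: String) throws -> Int {
        (try fm.attributesOfItem(atPath: path)[.posixPermissions] as? NSNumber)?.intValue ?? 0
    }
    let dirMode = try mode(imagesDir.path)
    if dirMode & 0o077 != 0 { findings.append("images dir: mode \(String(dirMode, radix: 8))") }
    for name in try fm.contentsOfDirectory(atPath: imagesDir.path).sorted() {
        let url = imagesDir.appendingPathComponent(name)
        let fileMode = try mode(url.path)
        if fileMode & 0o077 != 0 {
            findings.append("\(name): mode \(String(fileMode, radix: 8)) allows group/other access")
        }
        // nil means the volume reported no protection class for this file.
        let cls = try url.resourceValues(forKeys: [.fileProtectionKey]).fileProtection
        if cls != URLFileProtection.complete {
            findings.append("\(name): protection class \(cls?.rawValue ?? "not reported")")
        }
    }
    return findings
}

// Constructed sample bytes (PNG signature only), written both ways into a temp directory.
let sample = Data([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
let dir = FileManager.default.temporaryDirectory.appendingPathComponent("snippy-audit-demo/images")
do {
    _ = try writeProtectedImage(sample, named: "hardened.png", in: dir)
    try sample.write(to: dir.appendingPathComponent("plain.png"))  // the pre-fix write path
    for finding in try auditImages(in: dir) { print(finding) }
} catch {
    print("audit failed: \(error)")
}
```

Running the audit against an existing images/ directory also shows whether files written before the change still carry the older attributes.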