diff --git a/.jules/sentinel.md b/.jules/sentinel.md new file mode 100644 index 0000000..9509a27 --- /dev/null +++ b/.jules/sentinel.md @@ -0,0 +1,4 @@ +## 2025-02-25 - Insecure File Permissions in Backup Script +**Vulnerability:** The `tools/backup-projects.sh` script created backup archives and log directories without explicitly setting restrictive permissions. This meant that on multi-user systems (or even locally if shared), backup archives containing potentially sensitive project code and secrets were readable by other users (group/world readable depending on umask). +**Learning:** Default umask settings (often 022) are insufficient for security-critical operations like backups. Relying on default permissions assumes a secure environment, which is not always true. +**Prevention:** Always use `umask 077` in subshells when creating sensitive files or directories. Explicitly `chmod 700` directories and `chmod 600` files after creation to enforce defense-in-depth. diff --git a/tools/backup-projects.sh b/tools/backup-projects.sh index 1b7f6d2..209afd0 100755 --- a/tools/backup-projects.sh +++ b/tools/backup-projects.sh @@ -351,7 +351,9 @@ cmd_backup() { # Setup directories if [[ "$DRY_RUN" != true ]]; then mkdir -p "$BACKUP_TEMP_DIR" + chmod 700 "$BACKUP_TEMP_DIR" mkdir -p "$LOG_DIR" + chmod 700 "$LOG_DIR" else debug "Would create: $BACKUP_TEMP_DIR" debug "Would create: $LOG_DIR" @@ -411,6 +413,7 @@ cmd_backup() { ( cd "$HOME" || exit 1 + umask 077 if [[ "$VERBOSE" == true ]]; then # shellcheck disable=SC2086 zip -r "$archive_path" "${relative_paths[@]}" $exclude_args @@ -419,6 +422,8 @@ cmd_backup() { zip -r -q "$archive_path" "${relative_paths[@]}" $exclude_args fi ) + # Ensure strict permissions on the archive + [[ -f "$archive_path" ]] && chmod 600 "$archive_path" if [[ ! -f "$archive_path" ]]; then error "Failed to create archive"