fix(s6): fix world-writable temp dir — proper tests#217
Merged
Conversation
elazarcoh
force-pushed
the
fix/s6-world-writable-dir
branch
from
aa86c61 to
ee5a327
Compare
An error occurred while trying to automatically change base from
ci/vitest-framework
to
main
March 7, 2026 21:32
elazarcoh
force-pushed
the
fix/s6-world-writable-dir
branch
from
ee5a327 to
35a801a
Compare
elazarcoh
force-pushed
the
fix/s6-world-writable-dir
branch
from
35a801a to
0623d20
Compare
✅ CI Results🧪 Tests
📦 Artifactsscreenshots-ubuntu-latest · test-results · extension-vsix · ts-unit-test-results · python-unit-test-results |
elazarcoh
force-pushed
the
fix/s6-world-writable-dir
branch
from
0623d20 to
717838f
Compare
elazarcoh
commented
Mar 8, 2026
The temp directory for saved images was created with 0o777 (world-writable), allowing any user on the system to read, modify, or delete debug images. Changed to 0o700 (owner-only rwx) which is sufficient since only the current user's VS Code instance needs access. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…r; real OS permission check Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
elazarcoh
force-pushed
the
fix/s6-world-writable-dir
branch
from
78d2042 to
0ff135e
Compare
… fallback - Add getUserSpecificTempDir() to use XDG_RUNTIME_DIR on Linux (kernel-isolated per-user) - Fallback to /tmp/svifpd-<uid>/images on other systems - Each user gets isolated directory with 0o700 permissions (owner-only) - Fixes multi-user safety issue where User A's 0o700 dir blocked User B access - Add comprehensive dir-permissions tests verifying isolation and safe permissions Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rebased on ci/vitest-framework. Replaced hand-rolled JS test with vitest dir-permissions.test.ts that performs real OS permission checks. Verifies 0o700 mode.