vscode-cpptools icon indicating copy to clipboard operation
vscode-cpptools copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Home directories are created as world writable

Open cgzones opened this issue 3 years ago • 2 comments

Environment

  • OS and version: Debian sid
  • VS Code: 1.69.2
  • C/C++ extension: v1.11.4

Bug Summary and Steps to Reproduce

Bug Summary:

The cpptools extension creates home directories as world-writable.

Steps to reproduce:

  1. Start vscode
  2. find ~ -type d \( -perm -0002 \) -print /home/user/.cache/vscode-cpptools /home/user/.cache/vscode-cpptools/ipch /home/user/.cache/vscode-cpptools/ipch/58f22437dcceb170 /home/user/.config/Code/User/workspaceStorage/6436be42c71df59dad4c490a7584641d/ms-vscode.cpptools

Other Extensions

No response

Additional Information

No response

cgzones avatar Aug 02 '22 18:08 cgzones

Hi @cgzones .

On linux, those directories are being created using the following call to mkdir:

mkdir(path, 0777 & ~umask(0));

Is there a benefit to restricting permissions of directories to 755 or 700?

Colengms avatar Aug 02 '22 23:08 Colengms

Is there a benefit to restricting permissions of directories to 755 or 700?

If for example all parent directories were created with a default umask of 0022, other users can modify those directories and their contents.

mkdir(path, 0777 & ~umask(0));

Why set the file mode creation mask to 0, which will affect the mode result for the next file creation? (mkdir(2) already internally takes the current umask value into account.)

cgzones avatar Aug 04 '22 12:08 cgzones

The fix is available with 1.13.3 (pre-release): https://github.com/microsoft/vscode-cpptools/releases/tag/v1.13.3

sean-mcmanus avatar Oct 26 '22 22:10 sean-mcmanus