hstr
hstr copied to clipboard
Work with the file without restriction of rights
I may be wrong, but I see in your code working with a file without setting permissions. this can lead to a security problem. both by the vector of confidentiality (access to information) and by the vector of accessibility (for example, when using links).
I suggest considering setting limits using umask (0022);
and chmod (..., 0644);
https://github.com/dvorka/hstr/blob/298379d20404d4014a559e33dbff647c3bdbfa21/src/hstr_blacklist.c#L139 https://github.com/dvorka/hstr/blob/298379d20404d4014a559e33dbff647c3bdbfa21/src/hstr_favorites.c#L116
@ihsinme you are right! Thank you for reporting this security :lady_beetle:!