Fix overly permissive file permissions (os.ModePerm) (#4207)

Several file operations used os.ModePerm (0777) which makes files
world-writable and world-readable, violating the principle of least
privilege:

- database/db.go: InitDB directory creation → 0755
- xray/process.go: Xray config write → 0644
- xray/process.go: Crash report write → 0644
- web/service/server.go: Binary extraction → 0755

Also removes unused "io/fs" imports from the affected files.
Qiaochu Hu
2026-05-10 20:47:28 +08:00
committed by GitHub
parent dee2525d5f
commit 24cd271486
3 changed files with 4 additions and 7 deletions
+1 -2
@@ -7,7 +7,6 @@ import (
"encoding/json"
"fmt"
"io"
"io/fs"
"mime/multipart"
"net/http"
"os"
@@ -660,7 +659,7 @@ func (s *ServerService) UpdateXray(version string) error {
defer zipFile.Close()
os.MkdirAll(filepath.Dir(fileName), 0755)
os.Remove(fileName)
file, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, fs.ModePerm)
file, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0755)
if err != nil {
return err
}
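Review bot: The 0755 on the new `os.OpenFile` line only takes effect when that call actually creates the file, and the `os.Remove(fileName)` just above it discards its error. If the removal fails, `O_TRUNC` reuses the existing file, which keeps whatever mode an earlier release created it with (possibly the old 0777 less the umask), so the tightening would silently not apply on an upgraded install. I would return the removal error unless it is not-exist, `if err := os.Remove(fileName); err != nil && !os.IsNotExist(err) { return err }`, and open with `os.O_CREATE|os.O_EXCL|os.O_RDWR` so the call fails rather than reusing or following whatever already sits at that path. The `os.MkdirAll` result on the line before is dropped as well. UpdateXray's body starts and ends outside the hunk.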