Fix overly permissive file permissions (os.ModePerm) (#4207)
Several file operations used os.ModePerm (0777), which makes files world-writable and world-readable, violating the principle of least privilege:
- database/db.go: InitDB directory creation → 0755
- xray/process.go: Xray config write → 0644
- xray/process.go: Crash report write → 0644
- web/service/server.go: Binary extraction → 0755

Also removes unused "io/fs" imports from the affected files.
@@ -7,7 +7,6 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/fs"
|
||||
"mime/multipart"
|
||||
"net/http"
|
||||
"os"
|
||||
@@ -660,7 +659,7 @@ func (s *ServerService) UpdateXray(version string) error {
|
||||
defer zipFile.Close()
|
||||
os.MkdirAll(filepath.Dir(fileName), 0755)
|
||||
os.Remove(fileName)
|
||||
file, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, fs.ModePerm)
|
||||
file, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0755)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
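Review bot: The new `0755` in the `os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0755)` call only takes effect when the file is actually created, and the `os.Remove(fileName)` just above it discards its error, so if the remove fails the existing binary is truncated in place and keeps whatever mode it already had. An install upgraded from a build that used `fs.ModePerm` could therefore keep a looser mode than this commit intends, depending on the umask in force when the file was first written. Consider checking the remove error (tolerating only `os.IsNotExist(err)`) or calling `file.Chmod(0755)` right after the open succeeds, so the mode is enforced on both paths. The `os.MkdirAll(filepath.Dir(fileName), 0755)` result is ignored as well, which hides the case where the directory could not be created with the intended mode. `UpdateXray` begins and ends outside the hunk, so how `fileName` is derived is not visible here.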