Fixes spotify#3303
Update file permissions in `luigi/lock.py` to be more restrictive.
* Change the file permissions of the `pid_dir` directory from `0o777` to `0o700` in the `acquire_for` function.
* Update the test cases `test_acquiring_partially_taken_lock` and `test_acquiring_lock_from_missing_process` in `test/lock_test.py` to check for the new file permissions `0o700`.
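An added example, not Luigi's code: one way to create a PID directory with the `0o700` mode described above and to tighten a directory that was left at `0o777`. The function names `ensure_private_dir` and `group_other_bits` and the sample paths are hypothetical.

```python
import os
import stat
import tempfile


def group_other_bits(path):
    """Return the permission bits granted to group and others (0 means owner-only)."""
    return stat.S_IMODE(os.lstat(path).st_mode) & 0o077


def ensure_private_dir(path, mode=0o700):
    """Create `path` as an owner-only directory, or tighten an existing one.

    Returns the resulting permission bits.
    """
    try:
        # The process umask can only remove bits from `mode`, never add them.
        os.mkdir(path, mode)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: do not follow a symlink sitting at `path`
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    if st.st_uid != os.geteuid():
        # A directory owned by someone else cannot be trusted for lock files.
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) != mode:
        os.chmod(path, mode)  # fixes a pre-existing 0o777 dir or an odd umask
    return stat.S_IMODE(os.lstat(path).st_mode)


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample location
    legacy = os.path.join(base, "pids")
    os.mkdir(legacy)
    os.chmod(legacy, 0o777)  # the mode the change above replaces
    print("before:", oct(group_other_bits(legacy)))
    print("after: ", oct(ensure_private_dir(legacy)))
```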
Hi,
I am reporting a potential security issue with overly permissive file permissions in
https://github.com/spotify/luigi/blob/master/luigi/lock.py#L103
When creating a file, POSIX systems allow permissions to be specified for the owner, group, and others separately. Permissions should be kept as strict as possible, preventing other users from accessing the file's contents. Additionally, they can be used to write and execute malicious code for privilege escalation.