From 636fc867e2d8a933067c31cda2ec80066ab55339 Mon Sep 17 00:00:00 2001 From: "Manu [tennox]" Date: Tue, 31 Mar 2026 17:23:17 +0000 Subject: [PATCH] fix: use 0666 permissions for temp files so umask is respected MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit os.CreateTemp hardcodes mode 0600, which means renamed block files inherit 0600 regardless of the process umask. This prevents other users/processes from reading the blockstore even with correct group membership and a permissive umask (e.g. 0022). Chmod temp files to 0666 after creation (unix) and create with 0666 (windows) so the umask controls final permissions — consistent with the batch path which already uses os.Create / OpenFile with 0666. Assisted-By: claude-opus-4-6 via Claude Code --- util_unix.go | 12 +++++++++++- util_windows.go | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/util_unix.go b/util_unix.go index 366130b..a374ad8 100644 --- a/util_unix.go +++ b/util_unix.go @@ -7,7 +7,17 @@ import ( ) func tempFileOnce(dir, pattern string) (*os.File, error) { - return os.CreateTemp(dir, pattern) + f, err := os.CreateTemp(dir, pattern) + if err != nil { + return nil, err + } + // os.CreateTemp hardcodes 0600; relax to 0666 so umask controls final permissions + if err := f.Chmod(0666); err != nil { + f.Close() + os.Remove(f.Name()) + return nil, err + } + return f, nil } func readFileOnce(filename string) ([]byte, error) { diff --git a/util_windows.go b/util_windows.go index ac0f76b..99074f0 100644 --- a/util_windows.go +++ b/util_windows.go @@ -61,7 +61,7 @@ func tempFileOnce(dir, pattern string) (f *os.File, err error) { nconflict := 0 for i := 0; i < 10000; i++ { name := filepath.Join(dir, prefix+nextRandom()+suffix) - f, err = goissue34681.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600) + f, err = goissue34681.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666) if os.IsExist(err) { if nconflict++; nconflict > 10 { randmu.Lock()