Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cache: too much permissions #782

Closed
jimen0 opened this issue Oct 4, 2019 · 1 comment
Closed

cache: too much permissions #782

jimen0 opened this issue Oct 4, 2019 · 1 comment
Labels
enhancement New feature or improvement topic: security

Comments

@jimen0
Copy link
Contributor

jimen0 commented Oct 4, 2019

  1. Version of golangci-lint: golangci-lint --version: current HEAD: fd997edeeb4ac277823750d746394d80f03d7ec1
  2. Config file: cat .golangci.yml: N/A
  3. Go environment: go version && go env: N/A
  4. Verbose output of running: golangci-lint run -v: N/A

While reading golangci-lint source code I found that the cache initialization method creates the directory using too many permissions:

// initDefaultCache does the work of finding the default cache
// the first time Default is called.
func initDefaultCache() {
dir := DefaultDir()
if err := os.MkdirAll(dir, 0777); err != nil {
log.Fatalf("failed to initialize build cache at %s: %s\n", dir, err)
}
if _, err := os.Stat(filepath.Join(dir, "README")); err != nil {
// Best effort.
ioutil.WriteFile(filepath.Join(dir, "README"), []byte(cacheREADME), 0666)
}
c, err := Open(dir)
if err != nil {
log.Fatalf("failed to initialize build cache at %s: %s\n", dir, err)
}
defaultCache = c
}

Are world executable and world-writable really needed? If not, I'd be open to creating a PR.

Thanks!

@jirfag
Copy link
Contributor

jirfag commented Oct 4, 2019

Hi, good points, thank you

@tpounds tpounds added the enhancement New feature or improvement label Oct 4, 2019
@jirfag jirfag closed this as completed in 8e0197e Oct 6, 2019
theckman pushed a commit to theckman/golangci-lint that referenced this issue May 3, 2020
$ git cherry --abbrev -v 0af0999fabfb ee9bf5809ead
+ abd8436 all: enable Go modules on CI (golangci#753)
+ 3c9d0fb checkers: recognize //line and //nolint in commentFormatting (golangci#756)
+ 0b517d7 checkers: extend deprecatedComment patterns (golangci#757)
+ 09100f6 checkers: use astcast package instead of coerce.go (golangci#758)
+ 2e9e97f checker: simplify boolExprSimplify (golangci#759)
+ 575701e make: add go-consistent to CI checks list (golangci#761)
+ b55f431 checkers: fix unlambda handling of builtins (golangci#763)
+ 5a7dee3 checker: handle lambdas properly in boolExprSimplify (golangci#765)
+ 5ce3939 checkers: teach boolExprSimplify a few new tricks (golangci#766)
+ 04d160f checkers: add new patterns to boolExprSimplify (golangci#768)
+ 09582e2 make: collect coverprofile separately from goveralls (golangci#769)
+ d8d0ee4 checkers: recognize NOTE pattern in deprecatedComment (golangci#770)
+ 12f0f85 Update copyright notice to 2019 (golangci#771)
+ f54bdb6 checkers: add stringXbytes checker
+ 170d65c checkers: followup for golangci#773 (golangci#774)
+ 84e9e83 checkers: make stringXbytes more linear (golangci#775)
+ a800815 checkers: add Depreacted typo pattern (golangci#776)
+ 6751be9 checkers: add hexLiterals (golangci#772)
+ ac61906 checkers: add typeAssertChain checker (golangci#782)
+ d19dbf1 checkers: add codegenComment checker (golangci#783)
+ d82b576 checkers: proper pkg/obj check for flagName (golangci#786)
+ dfcf754 ci: enable integration tests (golangci#787)
+ 5dafc45 checkers: fix equalFold false positive (golangci#788)
+ ed5e8e7 checkers: refactor and fix hexLiteral checker (golangci#789)
+ e704e07 checkers: add argOrder checker (golangci#790)
+ 34c1dc8 checkers: add Split handling to argOrder checker (golangci#791)
+ cbe095d checkers: add math.Max and math.Min to dupArg (golangci#792)
+ c986ee5 checkers: add checkers info fields test (golangci#794)
+ 66e5832 cmd/makedocs: use lintpack, fix build (golangci#793)
+ 6bce9d0 cmd/makedocs: add enabled/disabled by default info (golangci#795)
+ 4adbf9a checkers: simplify flagName (golangci#799)
+ 07de34a checkers: add octalLiteral checker (golangci#798)
+ 765907a cmd/makedocs: add checker param docs (golangci#796)
+ ee9bf58 cmd/makedocs: fix headers formatting (golangci#803)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or improvement topic: security
Projects
None yet
Development

No branches or pull requests

3 participants