This repository has no description
0

Configure Feed

Select the types of activity you want to include in your feed.

Restrict session directory and socket permissions

Create session directory with mode 0o700 and chmod sockets to
0o600 after creation. Prevents other local users from connecting
to sessions on systems where home directories are world-readable
(e.g., Debian/Ubuntu with default 0o755 home dirs).

Nathan Herald (Mar 28, 2026, 12:26 PM +0100) 274d6256 5fe14269

+2 -1
+1
src/server.ts
··· 171 171 ); 172 172 this.ready = new Promise((resolve) => { 173 173 this.socketServer.listen(socketPath, () => { 174 + try { fs.chmodSync(socketPath, 0o600); } catch {} 174 175 fs.writeFileSync(getPidPath(this.name), process.pid.toString()); 175 176 writeMetadata(this.name, { 176 177 command: options.command,
+1 -1
src/sessions.ts
··· 28 28 } 29 29 30 30 export function ensureSessionDir(): void { 31 - fs.mkdirSync(getSessionDir(), { recursive: true }); 31 + fs.mkdirSync(getSessionDir(), { recursive: true, mode: 0o700 }); 32 32 } 33 33 34 34 export function getSocketPath(name: string): string {