farion1231/cc-switch

Database files and .cc-switch directory lack explicit permission restrictions

Open

#3,265 opened on May 28, 2026

Labels: batch import, backend, good first issue, security

Description

Problem

The ~/.cc-switch/ directory and database files (cc-switch.db) are created without explicit permissions, inheriting the system default umask (typically 0o755 for directories and 0o644 for files). This allows other users on the same machine to read these files.

Current State

Some sensitive files already have strict permissions set:

  • settings.json → 0o600 (settings.rs:504)
  • copilot_auth.json → 0o600 (copilot_auth.rs:1282,1288)
  • codex_oauth_auth.json → 0o600 (codex_oauth_auth.rs:817,823)
  • Gemini .env file → 0o600, parent dir → 0o700 (gemini_config.rs:170,185)

However, the following locations lack permission protection:

  • ~/.cc-switch/ directory itself — created via multiple create_dir_all() calls with no explicit permissions (config.rs:184,198,206, database/mod.rs:101, database/backup.rs:63,309, etc.)
  • cc-switch.db database — created via rusqlite::Connection::open() with no explicit permissions (database/mod.rs:104)
  • Backup database files — same issue (database/backup.rs:324)
  • atomic_write first-time writes — when the target file doesn't exist, fs::metadata() fails silently and the new file gets default umask permissions (config.rs:230-237)

Suggested Fix

  1. Set 0o700 permissions on the ~/.cc-switch/ directory when first created
  2. Set 0o600 permissions on database files after creation
  3. Have atomic_write set reasonable default permissions (e.g., 0o600) when the target file doesn't exist yet
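An added example (not code from the cc-switch project) showing what the three fixes above can look like in Rust: the leaf directory is tightened to 0o700 after `create_dir_all`, and an `atomic_write` that creates its temp file with 0o600 from the start, keeps an existing target's mode, and falls back to 0o600 instead of the umask default when the target is new. The function names `ensure_private_dir`, `atomic_write` and `mode_of` are assumed, not the project's.

```rust
use std::fs;
use std::io::{self, Write};
use std::path::Path;
#[cfg(unix)]
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};

/// Create `dir` (and any missing parents) and restrict the leaf to the owner (0o700).
/// `create_dir_all` itself honours only the umask, so the mode is set explicitly afterwards.
pub fn ensure_private_dir(dir: &Path) -> io::Result<()> {
    fs::create_dir_all(dir)?;
    #[cfg(unix)]
    fs::set_permissions(dir, fs::Permissions::from_mode(0o700))?;
    Ok(())
}

/// Replace `target` atomically: write a sibling temp file, then rename over the target.
/// The temp file is created 0o600 so there is no window where it is world-readable.
/// An existing target keeps its mode; a target that does not exist yet gets 0o600
/// rather than silently inheriting the umask default.
pub fn atomic_write(target: &Path, data: &[u8]) -> io::Result<()> {
    let mut tmp_name = target.file_name().map(|n| n.to_os_string()).unwrap_or_default();
    tmp_name.push(".tmp");
    let tmp = target.with_file_name(tmp_name);

    let mut opts = fs::OpenOptions::new();
    opts.write(true).create(true).truncate(true);
    #[cfg(unix)]
    opts.mode(0o600); // applied at creation, before any bytes are written
    let mut file = opts.open(&tmp)?;
    file.write_all(data)?;
    file.sync_all()?;
    drop(file);

    #[cfg(unix)]
    {
        let mode = match fs::metadata(target) {
            Ok(meta) => meta.permissions().mode() & 0o777, // preserve existing mode
            Err(e) if e.kind() == io::ErrorKind::NotFound => 0o600, // new file: private
            Err(e) => return Err(e), // any other metadata error is not ignored
        };
        fs::set_permissions(&tmp, fs::Permissions::from_mode(mode))?;
    }
    fs::rename(&tmp, target)
}

/// Permission bits of `path`, for checking the result.
#[cfg(unix)]
pub fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}
```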

Environment

  • macOS / Linux (all permission-related code is inside #[cfg(unix)] blocks)
  • Windows uses ACLs and is not affected
