farion1231/cc-switch

Database files and .cc-switch directory lack explicit permission restrictions

Open

#3,265 created on May 28, 2026

(1 comment) (0 reactions) (0 assignees) Rust (4,558 forks) batch import
backend, good first issue, security

Description

Problem

The ~/.cc-switch/ directory and database files (cc-switch.db) are created without explicit permissions, inheriting the system default umask (typically 0o755 for directories and 0o644 for files). This allows other users on the same machine to read these files.

Current State

Some sensitive files already have strict permissions set:

  • settings.json → 0o600 (settings.rs:504)
  • copilot_auth.json → 0o600 (copilot_auth.rs:1282,1288)
  • codex_oauth_auth.json → 0o600 (codex_oauth_auth.rs:817,823)
  • Gemini .env file → 0o600, parent dir → 0o700 (gemini_config.rs:170,185)

However, the following locations lack permission protection:

  • ~/.cc-switch/ directory itself — created via multiple create_dir_all() calls with no explicit permissions (config.rs:184,198,206, database/mod.rs:101, database/backup.rs:63,309, etc.)
  • cc-switch.db database — created via rusqlite::Connection::open() with no explicit permissions (database/mod.rs:104)
  • Backup database files — same issue (database/backup.rs:324)
  • atomic_write first-time writes — when the target file doesn't exist, fs::metadata() fails silently and the new file gets default umask permissions (config.rs:230-237)

Suggested Fix

  1. Set 0o700 permissions on the ~/.cc-switch/ directory when first created
  2. Set 0o600 permissions on database files after creation
  3. Have atomic_write set reasonable default permissions (e.g., 0o600) when the target file doesn't exist yet

Environment

  • macOS / Linux (all permission-related code is inside #[cfg(unix)] blocks)
  • Windows uses ACLs and is not affected
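
The three suggested fixes, written with only the Rust standard library as an added example; this is not code from the cc-switch repository. The function names, the `.tmp` temp-file naming and the scratch directory are assumptions, and the code is Unix-only, like the #[cfg(unix)] blocks the issue mentions.

```rust
use std::fs::{self, DirBuilder, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Create `dir` as 0o700. DirBuilder's mode only affects directories it
/// creates, so an already existing directory is tightened explicitly.
pub fn ensure_private_dir(dir: &Path) -> io::Result<()> {
    DirBuilder::new().recursive(true).mode(0o700).create(dir)?;
    fs::set_permissions(dir, Permissions::from_mode(0o700))
}

/// Pre-create `path` as 0o600 so that a later opener (for example a SQLite
/// connection) finds the file instead of creating it with umask defaults.
pub fn ensure_private_file(path: &Path) -> io::Result<()> {
    OpenOptions::new().write(true).create(true).mode(0o600).open(path)?;
    fs::set_permissions(path, Permissions::from_mode(0o600))
}

/// Atomic write: the temp file is born 0o600; it takes over the target's
/// mode when the target exists and stays 0o600 on a first-time write.
pub fn atomic_write_private(path: &Path, data: &[u8]) -> io::Result<()> {
    let tmp = path.with_extension("tmp"); // hypothetical temp-file naming
    let _ = fs::remove_file(&tmp); // clear a stale temp file from a crash
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(&tmp)?;
    f.write_all(data)?;
    f.sync_all()?;
    let mode = fs::metadata(path).map(|m| m.permissions().mode() & 0o777).unwrap_or(0o600);
    fs::set_permissions(&tmp, Permissions::from_mode(mode))?;
    fs::rename(&tmp, path)
}

/// Permission bits of `path`, for checking the result.
pub fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    // Constructed scratch location standing in for ~/.cc-switch/.
    let dir = std::env::temp_dir().join(format!("cc-switch-demo-{}", std::process::id()));
    ensure_private_dir(&dir)?;
    ensure_private_file(&dir.join("cc-switch.db"))?;
    atomic_write_private(&dir.join("settings.json"), b"{}")?;
    for name in ["cc-switch.db", "settings.json"] {
        println!("{name}: {:o}", mode_of(&dir.join(name))?);
    }
    println!("dir: {:o}", mode_of(&dir)?);
    fs::remove_dir_all(&dir)
}
```

Calling `ensure_private_file` before the database connection is opened avoids a window in which the file exists with looser permissions; the explicit `set_permissions` calls also repair files and directories left behind by earlier versions.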
