Cherry-pick b1bbf3fff: harden temp dir perms for umask 0002 #1247

Merged: alexey-pelykh merged 1 commit into main from cherry-pick/b1bbf3fff-harden-temp-perms on Mar 13, 2026

@alexey-pelykh

Cherry-pick from upstream

| Field | Value |
| --- | --- |
| Upstream commit | b1bbf3fff |
| Author | steipete (landed from openclaw#27860 by stakeswky) |
| Tier | PICK (needs rebrand) |

Hardens temp directory permissions for umask 0002 environments (multi-user hosts). Adds tryRepairWritableBits() that detects group/other-writable temp dirs and tightens to 0o700. Also adds explicit chmodSync after mkdirSync to counteract restrictive umask.

Adaptation

  • Applied to tmp-remoteclaw-dir.ts (renamed from tmp-openclaw-dir.ts in WI-142)
  • Rebranded all OpenClaw/openclaw references to RemoteClaw/remoteclaw in new code
  • CHANGELOG entry skipped (fork maintains separate changelog)
  • Fixed resolveDirState call in tryRepairWritableBits to pass explicit false (fork's signature requires 2 args)

Depends on #1246

Closes #666

…by @stakeswky)

Co-authored-by: 不做了睡大觉 <[email protected]>
(cherry picked from commit b1bbf3f)
@alexey-pelykh alexey-pelykh merged commit d0ab53f into main Mar 13, 2026
7 checks passed
@alexey-pelykh alexey-pelykh deleted the cherry-pick/b1bbf3fff-harden-temp-perms branch March 13, 2026 23:01
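
Added example (not code from this PR or from the upstream project): one way to implement the check the description outlines, in Node.js. The names ensurePrivateDir, modeOf and demo are hypothetical, and refusing symlinks and directories owned by another user is an assumption of this example rather than something the page states.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

const PRIVATE_MODE = 0o700;
const GROUP_OTHER_WRITE = 0o022;

// Permission bits only, without following a symlink at the final component.
function modeOf(dir) {
  return fs.lstatSync(dir).mode & 0o777;
}

// Hypothetical helper: returns "created", "ok" or "repaired", or throws.
function ensurePrivateDir(dir) {
  try {
    fs.mkdirSync(dir, { mode: PRIVATE_MODE });
    // mkdir's mode is masked by the process umask; chmod sets the exact bits.
    fs.chmodSync(dir, PRIVATE_MODE);
    return "created";
  } catch (err) {
    if (err.code !== "EEXIST") throw err;
  }
  const st = fs.lstatSync(dir);
  if (st.isSymbolicLink() || !st.isDirectory()) {
    throw new Error(`${dir}: not a real directory, refusing to use it`);
  }
  if (typeof process.getuid === "function" && st.uid !== process.getuid()) {
    throw new Error(`${dir}: owned by another user, refusing to repair`);
  }
  if ((st.mode & GROUP_OTHER_WRITE) === 0) return "ok";
  fs.chmodSync(dir, PRIVATE_MODE);
  if ((modeOf(dir) & GROUP_OTHER_WRITE) !== 0) {
    throw new Error(`${dir}: still group/other-writable after chmod`);
  }
  return "repaired";
}

// Constructed scenario: a directory left at 0775, as a default mkdir under umask 0002 would.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "perm-demo-"));
  const dir = path.join(base, "app-tmp");
  const steps = [ensurePrivateDir(dir)];
  fs.chmodSync(dir, 0o775);
  steps.push(ensurePrivateDir(dir), modeOf(dir).toString(8), ensurePrivateDir(dir));
  const link = path.join(base, "link");
  fs.symlinkSync(dir, link);
  try { ensurePrivateDir(link); steps.push("accepted"); } catch { steps.push("rejected"); }
  fs.rmSync(base, { recursive: true, force: true });
  return steps;
}
```

The lstat-then-chmod sequence is not atomic, so the parent directory must itself be one that other users cannot write to.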