vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-19 08:01:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/sh/shared
History
A 7080d80472
fix(security): prevent race condition in GitHub token file permissions (#3035) 
Before this change, gh auth login wrote the token file with default
permissions, and chmod 600 was applied afterward — leaving a window
where the file could be read by other users on multi-user systems.

Now the credential directory is created with 700 permissions and umask
is set to 077 before the write, so the token file is created with
restrictive permissions from the start.

Agent: complexity-hunter
Fixes #3030

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-26 16:59:42 -07:00
..
github-auth.sh fix(security): prevent race condition in GitHub token file permissions (#3035) 2026-03-26 16:59:42 -07:00
key-request.sh feat(qa): telegram soak test on digitalocean + fix bun -e (#2547) 2026-03-12 19:45:18 -04:00
sprite-keep-running.sh fix: add sprite-keep-running.sh, remove Hetzner from Packer, cleanup on cancel (#2869) 2026-03-22 18:13:38 +00:00