Skip to content

Insecure file permissions for ~/.tmpo directory and files #142

Description

@DylanDevelops

The problem

The ~/.tmpo directory is created with 0755 permissions, and the database/config files are created with default 0644 permissions. This allows any other local user on the machine to read the SQLite database and YAML config, exposing sensitive billing data, hourly rates, and client names.

Release version

0.8.6

Operating system

macOS

Steps to reproduce the behavior

  1. Run tmpo start.
  2. Check the permissions of the created directory: ls -la ~/.tmpo.
  3. Observe drwxr-xr-x and -rw-r--r--.

Screenshots

No response

Additional context

Update the codebase to enforce 0700 for directories and 0600 for files (database, backups, and configs) to ensure privacy.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: awaiting triageWaiting for an issue to be addressed.type: bugAn issue that contains a bug report.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions