Summary
Sensitive state files in ~/.aegis/ are created with world-readable permissions (644), exposing session metadata, tenant IDs, and owner key IDs to any local user.
Files affected
| File | Permissions | Contains |
|---|---|---|
| state.json | 644 (world-readable) | Session IDs, owner key IDs, tenant IDs, workDir paths, ACP session IDs |
| acp-local-storage.json | 644 (world-readable) | 146 ACP session records with conversation/transcript IDs |
| analytics-cache.json | 644 (world-readable) | Usage metrics |
| memory.json | 644 (world-readable) | Aegis memory store |
Files correctly restricted
keys.json: 600 ✅
auth-token: 600 ✅
audit/*.log: 600 ✅
Expected
All files in ~/.aegis/ should be 600 (owner-only). The keys.json and auth-token already use correct permissions — the same should apply to state files.
Actual
$ ls -la ~/.aegis/
-rw-r--r-- acp-local-storage.json # 644 — world-readable
-rw-r--r-- state.json # 644 — world-readable
-rw-r--r-- analytics-cache.json # 644 — world-readable
-rw------- keys.json # 600 — correct
-rw------- auth-token # 600 — correct
Impact
On shared hosts or multi-user systems, any local user can read session metadata, enumerate active sessions, and map tenant/key relationships.
Version
Aegis v0.6.7-preview.1
Severity
Low — requires local access, but violates defense-in-depth
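A way to audit and tighten the directory, and to write state files as 600 from the moment they are created. This is an added example, not Aegis code: the function names `find_loose`, `tighten` and `write_private` are hypothetical, and it assumes a POSIX host.

```python
import os
import stat

LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def find_loose(root):
    """Map relative path -> octal mode for entries that group/other can touch."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    loose = {}
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is meaningless; never follow it
        mode = stat.S_IMODE(st.st_mode)
        if mode & LOOSE_BITS:
            loose[os.path.relpath(path, root)] = format(mode, "03o")
    return loose


def tighten(root):
    """Clear group/other bits under root (644 -> 600, 755 -> 700)."""
    changed = find_loose(root)
    for rel in changed:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~LOOSE_BITS)
    return changed


def write_private(path, data):
    """Write bytes so the file is 0600 from creation, whatever the umask is."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # covers a stale tmp file with a looser mode
        f.write(data)
    os.replace(tmp, path)  # atomic swap; the new file keeps mode 0600


if __name__ == "__main__":
    # Read-only audit of the directory named in the report.
    target = os.path.expanduser("~/.aegis")
    if os.path.isdir(target):
        for rel, mode in sorted(find_loose(target).items()):
            print(mode, rel)
```

Running the file only lists loose entries; `tighten` changes modes and is left for the operator to call deliberately.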