vault-password: ensure other users can't read vault password #11756
I took inspiration for this from other common utilities like ssh-agent and postgresql that will fail when given overly permissive files. Example from postgresql documentation:
I do follow you that this would be a nuisance to some subset of users (though I doubt many), but this is such an important security consideration that I'd argue for the interests of the majority of users, who will be better served by the more restrictive default.
(Ideally I'd even like to confirm that the file isn't tracked by git or other revision control systems, but that's for another pull request.)
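The kind of check this pull request describes, refusing a password file that other users can access, as an added example that is not code from the pull request or from Ansible. The names `read_secret_file` and `InsecurePermissions` and the error text are hypothetical, and the ownership check is an assumption beyond what the thread states.

```python
import os
import stat
import tempfile


class InsecurePermissions(Exception):
    """Raised when a secret file is accessible to other users."""


def read_secret_file(path):
    """Hypothetical helper: read a password file only if it is private."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # fstat the descriptor we read from, so the check and the read
        # refer to the same file (no check-then-open race).
        st = os.fstat(fd)
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            raise InsecurePermissions(f"{path}: not a regular file")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecurePermissions(
                f"{path}: mode {mode:04o} grants group/other access, "
                "expected 0600 or stricter")
        # Assumption beyond the thread: also require that we own the file.
        if st.st_uid != os.geteuid():
            raise InsecurePermissions(f"{path}: owned by uid {st.st_uid}")
        with os.fdopen(fd, "rb") as fh:
            fd = None  # fdopen now owns and closes the descriptor
            return fh.read().strip()
    finally:
        if fd is not None:
            os.close(fd)


if __name__ == "__main__":
    # Constructed sample: a throwaway file holding a made-up password.
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write("example-password\n")
    for perms in (0o600, 0o644):
        os.chmod(tmp.name, perms)
        try:
            read_secret_file(tmp.name)
            print(f"{perms:04o}: accepted")
        except InsecurePermissions as err:
            print(f"{perms:04o}: refused ({err})")
    os.unlink(tmp.name)
```

Only the group and other bits are tested, so an owner-only mode such as 0700 is still accepted.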
@billwanjohi Greetings! Thanks for taking the time to open this pull request. In order for the community to handle your pull request effectively, we need a bit more information.
Here are the items we could not find in your description:
Please set the description of this pull request with this template:
I don't think this relates very well to ssh-agent or pgsql