15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-26 01:33:05 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix: fix incorrect permission may introduce security vulnerabilities.

This commit is contained in:
liqiang-fit2cloud 2025-11-17 12:46:26 +08:00
parent d12b74f27c
commit c1eb6ac621
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/common/utils/tool_code.py
View File

@ -50,13 +50,10 @@ class ToolExecutor:
os.makedirs(execute_file_path, 0o500, exist_ok=True)
result_file_path = os.path.join(self.sandbox_path, 'result')
os.makedirs(result_file_path, 0o300, exist_ok=True)
tmp_file_path = os.path.join(self.sandbox_path, 'tmp')
os.makedirs(tmp_file_path, 0o600, exist_ok=True)
if self.sandbox:
os.system(f"chown {self.user}:root {self.sandbox_path}")
os.system(f"chown -R {self.user}:root {execute_file_path}")
os.system(f"chown -R {self.user}:root {result_file_path}")
os.system(f"chown -R {self.user}:root {tmp_file_path}")
os.chmod(self.sandbox_path, 0o550)
def exec_code(self, code_str, keywords):