From c47d4eda13be11704e4474ce28427407e91b0c1b Mon Sep 17 00:00:00 2001
From: Jaffar Keikei
Date: Wed, 8 Apr 2026 13:14:30 -0400
Subject: [PATCH] fix(tools): restrict RPC socket permissions to owner-only

The code execution sandbox creates a Unix domain socket in /tmp with default permissions, allowing any local user to connect and execute tool calls. Restrict to 0o600 after bind.

Closes #6230
---
 tools/code_execution_tool.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/code_execution_tool.py b/tools/code_execution_tool.py
index c5a89488a..96e21d0cb 100644
--- a/tools/code_execution_tool.py
+++ b/tools/code_execution_tool.py
@@ -979,6 +979,7 @@ def execute_code(
 # --- Start UDS server ---
 server_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 server_sock.bind(sock_path)
+ os.chmod(sock_path, 0o600)
 server_sock.listen(1)
 rpc_thread = threading.Thread(
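Review bot: The added `os.chmod(sock_path, 0o600)` has no comment, yet its position between `bind()` and `listen()` is what makes it effective: nothing can connect before `listen()` runs, so the socket is never reachable with the umask-default mode. I would record that above the line so a later refactor does not move it, e.g. `# Owner-only before listen(): no client can connect until the mode is tightened; keep this order.` Socket-file modes are enforced on Linux, but unix(7) notes that some BSD-derived systems ignore them, so if those platforms are supported, creating the socket inside a directory made with `tempfile.mkdtemp()` (mode 0700) would be the portable guard. How `sock_path` is built is not visible here, and `execute_code` starts and ends outside the hunk.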