mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-09 13:21:42 +00:00
BaseEnvironment writes shell snapshots and cwd metadata through the process umask. With a common 022 umask, snapshot files containing exported environment state landed at mode 0644 even though they can include env-carried credentials from the parent process. Set umask 077 only around Hermes metadata writes: the initial snapshot bootstrap and the post-command snapshot/cwd refresh. User commands still run under the caller's original umask, while Hermes-owned snapshot and cwd files are created owner-only. This intentionally does not copy the source PR's global orphan sweep; deleting all matching /tmp snapshot files could interfere with concurrent Hermes processes. The security-critical local disclosure fix is the file mode clamp. This is salvageable because the source report still identifies a concrete credential-disclosure path, but the safe subset is smaller than the original proposal: clamp only the Hermes-owned snapshot writes and leave process-wide cleanup, user command umask, and concurrent sessions alone. Salvages source PR: https://github.com/NousResearch/hermes-agent/pull/20056 Related issue: https://github.com/NousResearch/hermes-agent/issues/48441 Co-authored-by: Andrew Homeyer <andrew@hndl.app> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| base.py | ||
| daytona.py | ||
| docker.py | ||
| file_sync.py | ||
| local.py | ||
| managed_modal.py | ||
| modal.py | ||
| modal_utils.py | ||
| singularity.py | ||
| ssh.py | ||