Problem
test-wrapper-mcp-error.sh:144, 146, 194, 196 redirects stderr to /tmp/stderr-$$.log. On shared filesystems, attacker pre-creates /tmp/stderr-12345.log as symlink to ~/.ssh/authorized_keys — 2> follows symlink, overwrites target.
Surfaced by Security Reviewer (F1 LOW), Codex (P3 #6).
Risk
- Single-user macOS dev: zero
- Shared CI/jump host: genuine TOCTOU
Expected
Use existing $TMPDIR (already mktemp -d):
ERRLOG="$TMPDIR/stderr.log"
STDOUT=$("$FAKE_WRAPPER" < /dev/null 2>"$ERRLOG")
trap cleans up.
Priority
P3 — LOW for current dev context. Harden before CI.
Source: surfaced during /idd-verify che-msg#31 (sister bug from verify ensemble — Codex + Devil's Advocate flagged convergently)
Verify report: #90 (comment)
Related issue: PsychQuant/che-msg#31
Related PR: psychquant-claude-plugins#90 (PR-1 ships v1.3.2)
🤖 Filed by /idd-verify Step 5b follow-up triage.
Problem
test-wrapper-mcp-error.sh:144, 146, 194, 196redirects stderr to/tmp/stderr-$$.log. On shared filesystems, attacker pre-creates/tmp/stderr-12345.logas symlink to~/.ssh/authorized_keys—2>follows symlink, overwrites target.Surfaced by Security Reviewer (F1 LOW), Codex (P3 #6).
Risk
Expected
Use existing
$TMPDIR(alreadymktemp -d):trap cleans up.
Priority
P3 — LOW for current dev context. Harden before CI.
Source: surfaced during
/idd-verify che-msg#31(sister bug from verify ensemble — Codex + Devil's Advocate flagged convergently)Verify report: #90 (comment)
Related issue: PsychQuant/che-msg#31
Related PR: psychquant-claude-plugins#90 (PR-1 ships v1.3.2)
🤖 Filed by
/idd-verifyStep 5b follow-up triage.