Session recording files created with permissive default permissions #24743

@DELENE-TCHIO-ROMUALD

Description

ChatRecordingService creates session files and directories without explicit file permissions, relying on the default umask (typically 0644 for files and 0755 for directories on Linux). This makes conversation history readable by any local user on shared systems.

FileKeychain in the same codebase correctly uses mode: 0o700 for directories and mode: 0o600 for files when handling sensitive data.
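
One way to apply the owner-only modes the issue cites (0o700 for directories, 0o600 for files) when writing a session file on a POSIX system, including the case where a looser file or directory already exists. This is an added example, not code from the project or from the issue author; `writePrivateFile`, `permBits`, `demo` and the file names are hypothetical.

```javascript
'use strict';
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const DIR_MODE = 0o700;  // owner-only directory
const FILE_MODE = 0o600; // owner-only file

// Permission bits of a path, without the file-type bits.
const permBits = (p) => fs.statSync(p).mode & 0o777;

// Hypothetical helper: write `data` so only the owning user can read it.
function writePrivateFile(filePath, data) {
  const dir = path.dirname(filePath);
  fs.mkdirSync(dir, { recursive: true, mode: DIR_MODE });
  // `mode` is ignored for a directory that already exists, so tighten the leaf explicitly.
  fs.chmodSync(dir, DIR_MODE);
  // The mode passed to open() only applies when the file is created.
  const fd = fs.openSync(filePath, 'w', FILE_MODE);
  try {
    fs.fchmodSync(fd, FILE_MODE); // covers a pre-existing, looser file
    fs.writeFileSync(fd, data);
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed demo in a temp directory; returns the observed permission bits.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'session-perms-'));
  const previousUmask = process.umask(0o022); // pin a common default for reproducibility
  try {
    const loose = path.join(root, 'default', 'session.json');
    fs.mkdirSync(path.dirname(loose), { recursive: true });
    fs.writeFileSync(loose, '{"messages":[]}'); // no explicit mode
    const result = { defaultDir: permBits(path.dirname(loose)), defaultFile: permBits(loose) };

    const tight = path.join(root, 'private', 'session.json');
    writePrivateFile(tight, '{"messages":[]}');
    result.privateDir = permBits(path.dirname(tight));
    result.privateFile = permBits(tight);

    writePrivateFile(loose, '{"messages":[]}'); // rewrite the existing loose file
    result.rehardenedDir = permBits(path.dirname(loose));
    result.rehardenedFile = permBits(loose);
    return result;
  } finally {
    process.umask(previousUmask);
    fs.rmSync(root, { recursive: true, force: true });
  }
}
```

Only the leaf directory is tightened here; parent directories that already exist keep whatever mode they had.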

    Labels

    area/security: Issues related to security
    priority/p2: Important but can be addressed in a future release.
    status/need-triage: Issues that need to be triaged by the triage automation.