fix(store): chmod SQLite DB files to 0600 on open #119

Merged
lerko merged 1 commits from fix/sqlite-umask into main 2026-06-12 13:59:27 +00:00

Summary

Bare-metal installs created the SQLite DB with the process umask (often 022), making uptop.db, -wal, and -shm world-readable. These files contain alert credentials and configuration.

Now os.Chmod(path, 0600) runs on all three files after sql.Open. Missing WAL/SHM siblings (not yet created by SQLite) are silently skipped via os.IsNotExist. Docker was already mitigated by the non-root UID 1000.

Test plan

  • go test -count=1 ./... — all pass
  • golangci-lint — 0 issues
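The three-file chmod described in the PR, written out as an added example rather than code from the uptop repository: `hardenSQLiteFiles` applies 0600 to the main file and its `-wal`/`-shm` siblings and skips siblings that do not exist yet, exactly as the summary says. It also adds two things a reviewer of this fix would want. `createPrivateDBFile` creates the file with mode 0600 before any driver opens it, which closes the short window in which a freshly created file sits at umask-derived permissions between `sql.Open` and the chmod (a umask can only clear bits, so 0600 survives any umask). `exposedSQLiteFiles` is the audit check for a running install. All function names are hypothetical, no SQLite driver is used, and the files in `main` are constructed to stand in for what a 022 umask would produce.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// sqliteSiblings lists the main database file and the WAL/SHM files that
// SQLite creates beside it when journal_mode=WAL is in use.
func sqliteSiblings(dbPath string) []string {
	return []string{dbPath, dbPath + "-wal", dbPath + "-shm"}
}

// hardenSQLiteFiles is the fix the PR describes: chmod 0600 on the DB file
// and its WAL/SHM siblings after the database has been opened. Siblings
// SQLite has not created yet are skipped; any other error is reported
// together with the path it occurred on.
func hardenSQLiteFiles(dbPath string) error {
	for _, p := range sqliteSiblings(dbPath) {
		err := os.Chmod(p, 0o600)
		if errors.Is(err, fs.ErrNotExist) {
			continue // not created yet; nothing to tighten
		}
		if err != nil {
			return fmt.Errorf("chmod %s: %w", p, err)
		}
	}
	return nil
}

// createPrivateDBFile (hypothetical helper) closes the window that
// chmod-after-open leaves: it creates the DB file with mode 0600 before any
// driver opens it, and tightens an already existing file that may have been
// created earlier with umask-derived permissions.
func createPrivateDBFile(dbPath string) error {
	f, err := os.OpenFile(dbPath, os.O_RDWR|os.O_CREATE, 0o600)
	if err != nil {
		return err
	}
	if err := f.Chmod(0o600); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// exposedSQLiteFiles (hypothetical audit helper) returns the siblings that
// exist and carry any group or other permission bits.
func exposedSQLiteFiles(dbPath string) ([]string, error) {
	var exposed []string
	for _, p := range sqliteSiblings(dbPath) {
		st, err := os.Stat(p)
		if errors.Is(err, fs.ErrNotExist) {
			continue
		}
		if err != nil {
			return nil, err
		}
		if st.Mode().Perm()&0o077 != 0 {
			exposed = append(exposed, p)
		}
	}
	return exposed, nil
}

func main() {
	// Constructed scenario: DB and WAL files as a 022 umask would leave them,
	// and no SHM file yet.
	dir, err := os.MkdirTemp("", "uptop-perms")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	db := filepath.Join(dir, "uptop.db")
	_ = os.WriteFile(db, []byte("constructed"), 0o644)
	_ = os.WriteFile(db+"-wal", nil, 0o644)

	before, _ := exposedSQLiteFiles(db)
	fmt.Println("exposed before:", before)
	if err := hardenSQLiteFiles(db); err != nil {
		panic(err)
	}
	after, _ := exposedSQLiteFiles(db)
	fmt.Println("exposed after:", after)
}
```

On Unix builds SQLite derives the mode of journal and WAL files from the main database file, so once the main file is 0600 the siblings it creates later inherit that; the chmod loop still matters for siblings that already existed at the wider mode. Calling `createPrivateDBFile` before `sql.Open` and `hardenSQLiteFiles` after it covers both the fresh-install and the upgrade case.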
lerko added 1 commit 2026-06-12 13:51:31 +00:00
fix(store): chmod SQLite DB files to 0600 on open
CI / test (pull_request) Successful in 1m57s
CI / lint (pull_request) Successful in 1m26s
CI / vulncheck (pull_request) Successful in 1m2s
c3eac80e14
Bare-metal installs created the DB with process umask (often 022),
making uptop.db, -wal, and -shm world-readable. These files contain
alert credentials and config. Now chmod 0600 after open. Missing
WAL/SHM siblings (not yet created) are silently skipped. Docker
installs were already mitigated by the non-root UID.
lerko merged commit c3eac80e14 into main 2026-06-12 13:59:27 +00:00
lerko deleted branch fix/sqlite-umask 2026-06-12 13:59:27 +00:00
Reference: lerkolabs/uptop#119