Security vulnerabilities

  • Status Closed
  • Assigned To No-one
  • Private
Attached to Project: Security vulnerabilities
Opened by S_Haque - 02.07.2026
Last edited by cbay - 02.07.2026

FS#364 - Bug bounty — cross-tenant /tmp disclosure (FS#363) umask fix confirmed

Hi,

This is a follow-up to my security report ( FS #363 ) (cross-tenant file disclosure via the
shared /tmp on SSH/web hosts: files created with the default umask landed
world-readable (0644) and were readable by other tenants on the same host).

You made a change to the non-interactive umask and asked me to confirm it. I've
re-tested on ssh1 and can confirm it's fixed:

- umask now returns 0007 in the non-interactive case (ssh <host> umask, bash -c,
sh -c), not just interactive shells. Previously all of these returned 0022.
- A /tmp file created with the default umask is now 0660 (rw-rw—-) instead of 0644.
- My original cross-tenant test no longer works: a second account of mine, in a
different group, trying to read that file now gets "Permission denied".

Since the issue was valid, reproducible, and cross-tenant before the fix, I'd like to
request a small bounty for the report, at your discretion.

Thank you,
Sayada Zannat haque

Closed by  cbay
02.07.2026 15:38
Reason for closing:  Invalid
Admin
cbay commented on 02.07.2026 15:37

Hello,

You actually need to open a support ticket from our administration interface, not here.

Kind regards,
Cyril

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing