4 changes: 4 additions & 0 deletions .jules/sentinel.md
@@ -0,0 +1,4 @@
## 2024-05-22 - Secure File Creation in Shell Scripts

**Vulnerability:** TOCTOU race condition when creating sensitive files (like SSH keys) using redirection (`>`) followed by `chmod`.

**Learning:** Files created via redirection inherit default permissions (usually 644/666) before `chmod` runs, leaving a window where they are world-readable.

**Prevention:** Use `umask` inside a subshell to strictly control permissions at creation time: `(umask 077; command > file)`.
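Review bot: the "Learning" line overstates the default mode and the "Prevention" line is missing a caveat. A shell redirection opens the file with mode 0666 masked by the process umask, so with the usual umask of 022 the file lands at 0644; 0666 only happens with umask 000. Wording it as "0666 & ~umask (typically 0644)" would be exact. More importantly, `umask 077` only governs files the redirection creates: if the target already exists, `>` truncates it and keeps whatever mode it already had, so the note should say to remove the file first (or still `chmod` afterwards) when the path may pre-exist. Minor: "TOCTOU" is a loose label here, since nothing is checked and then used; it is a permission window between creation and `chmod`.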

⚠️ Potential issue | 🟡 Minor

Fix markdownlint violations (H1 + blank lines + wrap long lines).

The file fails MD041 (first line should be H1), MD022 (blank lines around heading), and MD013 (line length).

✅ Suggested fix
-## 2024-05-22 - Secure File Creation in Shell Scripts
-**Vulnerability:** TOCTOU race condition when creating sensitive files (like SSH keys) using redirection (`>`) followed by `chmod`.
-**Learning:** Files created via redirection inherit default permissions (usually 644/666) before `chmod` runs, leaving a window where they are world-readable.
-**Prevention:** Use `umask` inside a subshell to strictly control permissions at creation time: `(umask 077; command > file)`.
+# 2024-05-22 - Secure File Creation in Shell Scripts
+
+**Vulnerability:** TOCTOU race condition when creating sensitive files (like SSH keys)
+using redirection (`>`) followed by `chmod`.
+
+**Learning:** Files created via redirection inherit default permissions (usually
+644/666) before `chmod` runs, leaving a window where they are world-readable.
+
+**Prevention:** Use `umask` inside a subshell to strictly control permissions at
+creation time: `(umask 077; command > file)`.
🧰 Tools
🪛 GitHub Check: Lint Documentation

[failure] 4-4: Line length
.jules/sentinel.md:4:81 MD013/line-length Line length [Expected: 80; Actual: 126] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md


[failure] 3-3: Line length
.jules/sentinel.md:3:81 MD013/line-length Line length [Expected: 80; Actual: 158] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md


[failure] 2-2: Line length
.jules/sentinel.md:2:81 MD013/line-length Line length [Expected: 80; Actual: 131] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md


[failure] 1-1: First line in a file should be a top-level heading
.jules/sentinel.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## 2024-05-22 - Secure File Cr..."] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md041.md


[failure] 1-1: Headings should be surrounded by blank lines
.jules/sentinel.md:1 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "## 2024-05-22 - Secure File Creation in Shell Scripts"] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md022.md

🤖 Prompt for AI Agents
In @.jules/sentinel.md around lines 1 - 4, Change the document heading to an H1
and add blank lines around it, and wrap long lines to satisfy MD041/MD022/MD013:
replace the first line "## 2024-05-22 - Secure File Creation in Shell Scripts"
with "# 2024-05-22 - Secure File Creation in Shell Scripts", ensure there is a
blank line before and after that H1, and reflow the longer sentences in the body
(e.g., the "Vulnerability", "Learning", and "Prevention" lines) so each line is
under the project's max line length (commonly 80 chars) while preserving the
content and bullet/heading structure.
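The pattern this PR records, shown side by side with the fragile form and with the pre-existing-file case that `umask` alone does not cover. This is an added example, not code from the repository's `setup-ssh-keys.sh` or its sentinel notes: the `op read` source is replaced by a constructed string so it runs offline, and the function names `write_secret_fragile`, `write_secret_safe`, `mode_of` and `demo` are this example's own. The mode check uses `ls -ld` rather than `stat`, because `stat`'s flags differ between GNU and BSD.

```shell
#!/bin/sh
# Added example (not the project's code): creating a secret file from a
# shell script without a world-readable window. The key material below is
# a constructed placeholder standing in for `op read "op://..."` output.

# Fragile pattern: between the redirection and the chmod the file exists
# with mode 0666 & ~umask, which is 0644 under the common umask of 022.
write_secret_fragile() {
    printf '%s\n' "$2" > "$1"
    chmod 600 "$1"
}

# Hardened pattern: remove any pre-existing file first, because '>' on an
# existing file truncates it and keeps its old mode; then create it under
# umask 077 so it is 0600 from the first instant. The subshell keeps the
# umask change from leaking into the rest of the script.
write_secret_safe() {
    rm -f "$1"
    (umask 077; printf '%s\n' "$2" > "$1")
}

# Symbolic mode of a path, e.g. -rw-------, via ls so it is portable.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Shows why the rm -f matters: a target that already exists world-readable
# keeps that mode when rewritten under umask 077 alone, and is only fixed
# by write_secret_safe. Prints "<mode before> <mode after>".
demo() {
    tmp=$(mktemp -d)
    f="$tmp/id_ed25519"
    : > "$f"; chmod 644 "$f"                  # pre-existing 0644 key file
    (umask 077; printf 'x\n' > "$f")          # truncates; mode stays 0644
    before=$(mode_of "$f")
    write_secret_safe "$f" "constructed-private-key-material"
    after=$(mode_of "$f")
    rm -rf "$tmp"
    printf '%s %s\n' "$before" "$after"
}
```

`write_secret_safe` is the form to use for `$PRIVATE_KEY_FILE`: the `umask 077` subshell closes the creation window, and the `rm -f` covers the restore-over-an-old-key case that `umask` by itself leaves open.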

12 changes: 8 additions & 4 deletions tools/setup-ssh-keys.sh
Expand Up @@ -153,12 +153,16 @@ cmd_restore() {
chmod 700 "$SSH_DIR"

# Read private key from 1Password and save locally
op read "op://$VAULT/$KEY_NAME/private_key" > "$PRIVATE_KEY_FILE"
chmod 600 "$PRIVATE_KEY_FILE"
(
umask 077
op read "op://$VAULT/$KEY_NAME/private_key" > "$PRIVATE_KEY_FILE"
)

# Read public key from 1Password and save locally
op read "op://$VAULT/$KEY_NAME/public_key" > "$PUBLIC_KEY_FILE"
chmod 644 "$PUBLIC_KEY_FILE"
(
umask 022
op read "op://$VAULT/$KEY_NAME/public_key" > "$PUBLIC_KEY_FILE"
)

say "SSH key restored to $SSH_DIR"
echo ""
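Review bot: dropping `chmod 600 "$PRIVATE_KEY_FILE"` is a regression for the case where the file already exists. `umask 077` only sets the mode of a file the redirection creates; if `$PRIVATE_KEY_FILE` is already present (for example at 0644 from an earlier run), `>` truncates it and keeps that mode. Either add `rm -f "$PRIVATE_KEY_FILE"` before the redirection inside the subshell, or keep the `chmod 600` after the subshell as a belt-and-braces step (it no longer opens a window, since a freshly created file is 0600 from the start). The same applies to the public-key block, though the stakes there are lower. Also note that if `op read` fails, the redirection still leaves an empty or truncated key file behind; the subshell's exit status is `op`'s, so this is only caught if the script runs under `set -e` or checks `$?` after the subshell.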