fix: fix incorrect permission may introduce security vulnerabilities.

liqiang-fit2cloud · liqiang-fit2cloud · commit 79988b170cda · 2025-11-17T11:16:31.000+08:00
diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py
@@ -28,7 +28,7 @@ def __init__(self, sandbox=False):
         self.sandbox_so_path = f'{self.sandbox_path}/sandbox.so'
         try:
             if os.path.exists(self.sandbox_so_path):
-                os.chmod(self.sandbox_so_path, 0o644)
+                os.chmod(self.sandbox_so_path, 0o444)
             # 初始化host黑名单
             banned_hosts_file_path = f'{self.sandbox_path}/.SANDBOX_BANNED_HOSTS'
             if os.path.exists(banned_hosts_file_path):
@@ -40,7 +40,7 @@ def __init__(self, sandbox=False):
                 banned_hosts = f"{banned_hosts},{hostname},{local_ip}"
                 with open(banned_hosts_file_path, "w") as f:
                     f.write(banned_hosts)
-                os.chmod(banned_hosts_file_path, 0o644)
+                os.chmod(banned_hosts_file_path, 0o444)
         except Exception as e:
             maxkb_logger.error(f'Failed to init SANDBOX_BANNED_HOSTS due to exception: {e}', exc_info=True)
             pass
