fix(cmd): relax file perms for Falco driver config override

Falco config files are not supposed to contain sensitive information, so read permissions are given to all users. With this fix, the permissions of the config file for the driver engine override will be aligned to other Falco configs files under `/etc/falco`. Signed-off-by: Leonardo Grasso <[email protected]>
falcosecurity · Oct 8, 2024 · cd0d1d1 · cd0d1d1
1 parent 7e06ca9
commit cd0d1d1
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/cmd/driver/config/config.go b/cmd/driver/config/config.go
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (C) 2023 The Falco Authors
+// Copyright (C) 2024 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -238,7 +238,7 @@ func overwriteDriverType(configDir string, driverType drivertype.DriverType) err
 	_, err := os.Stat(configDir)
 	if os.IsNotExist(err) {
 		// Create it.
-		if err := os.MkdirAll(configDir, 0o750); err != nil {
+		if err := os.MkdirAll(configDir, 0o755); err != nil { // #nosec G301 -- Falco config files under /etc
 			return fmt.Errorf("unable to create directory %s: %w", configDir, err)
 		}
 	} else if err != nil && !os.IsNotExist(err) {
@@ -252,7 +252,7 @@ func overwriteDriverType(configDir string, driverType drivertype.DriverType) err
 	}
 
 	// Write the engine configuration to a specialized config file.
-	if err := os.WriteFile(filepath.Join(configDir, falcoDriverConfigFile), engineKind, 0o600); err != nil {
+	if err := os.WriteFile(filepath.Join(configDir, falcoDriverConfigFile), engineKind, 0o644); err != nil { // #nosec G306 -- Falco config files under /etc
 		return fmt.Errorf("unable to persist engine kind to filesystem: %w", err)
 	}