>_

security/filesystem

Filesystem Security security skill

$ 安裝

git clone https://github.com/mgreenly/ikigai /tmp/ikigai && cp -r /tmp/ikigai/.claude/library/security/filesystem ~/.claude/skills/ikigai

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: security/filesystem description: Filesystem Security security skill

Filesystem Security

File operations have race conditions, symlink attacks, and path traversal risks.

ikigai Application

Path traversal:

  • Reject paths containing .. before canonicalization
  • Use realpath() and verify result is under allowed directory
  • Never concatenate user input directly into paths

TOCTOU (Time-of-Check to Time-of-Use):

// BAD: Race between check and use
if (access(path, R_OK) == 0) { fd = open(path, O_RDONLY); }

// GOOD: Open first, then check
fd = open(path, O_RDONLY);
if (fd >= 0) { /* use fd */ }

Symlink attacks:

  • Use O_NOFOLLOW when opening files in shared directories
  • lstat() to check for symlinks before operations
  • Create temp files with mkstemp(), never mktemp()

Permissions:

  • Config files: 0600 (owner read/write only)
  • Directories: 0700
  • Check permissions before reading sensitive files
  • Set umask appropriately: umask(077)

Review red flags: access() before open(), path concatenation, missing O_NOFOLLOW, world-readable configs.

Repository

mgreenly
mgreenly
Author
mgreenly/ikigai/.claude/library/security/filesystem
1
Stars
0
Forks
Updated4d ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

payload
payloadcms/payload
39.0k
creating-financial-models
anthropics/claude-cookbooks
28.3k
cookbook-audit
anthropics/claude-cookbooks
28.3k
doc-coauthoring
anthropics/skills
24.5k
webapp-testing
anthropics/skills
24.5k