Remove world writable from install-dotnet.sh #659

@todw33

Description:
The script install-dotnet.sh is created on the following line:
https://github.com/actions/setup-dotnet/blob/main/src/installer.ts#L171

This creates a file on the filesystem with chmod 777 set, making it world writable and triggering vulnerability scans. I would like to propose changing this to 775.

Justification:
To close open vulnerabilities for files with world writable permissions in directories that don't have a sticky bit set, update the permissions of install-dotnet.sh to 775.

Are you willing to submit a PR?
Yes, I am willing to submit a PR.
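
The condition described in the issue (a world-writable file in a directory without the sticky bit) can be checked with a short shell function. This is an added example, not code from the issue author or from actions/setup-dotnet; the function names `find_world_writable` and `demo` are hypothetical, and the scratch directory and placeholder script are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from actions/setup-dotnet): report the condition the
# issue's scanner flags, then show the effect of the proposed 775 mode.

# Print every regular file under $1 that is world-writable (o+w) and whose
# parent directory does not have the sticky bit set.
find_world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | while IFS= read -r f; do
        # [ -k dir ] is true when the sticky bit is set on dir.
        if [ ! -k "$(dirname "$f")" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed demo: a scratch directory stands in for the location where
# the action writes install-dotnet.sh.
demo() {
    scratch=$(mktemp -d) || return 1
    script="$scratch/install-dotnet.sh"
    printf '#!/bin/sh\necho placeholder\n' > "$script"

    chmod 777 "$script"    # mode reported in the issue
    before=$(find_world_writable "$scratch" | wc -l | tr -d ' ')

    chmod 775 "$script"    # mode proposed in the issue
    after=$(find_world_writable "$scratch" | wc -l | tr -d ' ')

    rm -rf "$scratch"
    printf 'before=%s after=%s\n' "$before" "$after"
}

demo
```

Mode 775 clears the write bit for "other" only; the file stays writable by its owner and group.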

Labels: feature request (New feature or request to improve the current logic)