fix(security): chmod 600 macOS launchd plist containing CDP token (#296)

One-liner oversight from #295: the macOS install path wrote the plist with the default umask (~0644), leaving CDP_PROXY_TOKEN world-readable to any local user account. The Linux path already writes to a chmod 600 env-file — this brings macOS to parity. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 18:20:48 -07:00 · 2026-04-15 18:20:48 -07:00 · 5ccceb92f9
commit 5ccceb92f9
parent 7955a9cd76
1 changed files with 5 additions and 0 deletions
--- a/plugins/browser-automation/host-bridge/install-host-bridge.sh
+++ b/plugins/browser-automation/host-bridge/install-host-bridge.sh
@ -68,6 +68,11 @@ install_macos() {
  <key>StandardErrorPath</key><string>${HOME}/.molecule-cdp-proxy.log</string>
 </dict></plist>
 EOF
+  # #296: the plist contains the CDP_PROXY_TOKEN in plaintext. Default
+  # umask leaves it world-readable (~0644) which leaks the token to any
+  # local user on a multi-account macOS host. Lock to owner-only. launchctl
+  # loads user agents as the owning UID so 0600 is safe.
+  chmod 600 "$plist"
  launchctl bootout "gui/$(id -u)/${LABEL}" 2>/dev/null || true
  launchctl bootstrap "gui/$(id -u)" "$plist"
  launchctl kickstart -k "gui/$(id -u)/${LABEL}"