nevercodecorrect opened a new issue, #37061:
URL: https://github.com/apache/airflow/issues/37061

   ### Apache Airflow version
   
   2.8.1
   
   ### If "Other Airflow 2 version" selected, which one?
   
   _No response_
   
   ### What happened?
   
   In 
[code](https://github.com/apache/airflow/blob/7bff7a5741942bba7eaf01898be0094bf01768c8/airflow/providers/fab/auth_manager/security_manager/override.py#L733)
 and 
[code](https://github.com/apache/airflow/blob/7bff7a5741942bba7eaf01898be0094bf01768c8/airflow/configuration.py#L1997),
 file permissions are changed after the file is created and the data is written. A 
local malicious actor could gain access to the file before it becomes 
inaccessible.
   
   ### What you think should happen instead?
   
   The file privilege could be changed before the data is written.
   
   ### How to reproduce
   
   Get the execution timing of the program and open the file before chmod 
changes the privilege.
   
   ### Operating System
   
   ubuntu
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
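
The write-then-chmod window the issue describes, next to a variant that sets the mode at creation time. This is an added example, not code from Airflow or from the issue author; the function names, file names and sample content are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


def write_then_chmod(path: str, data: str) -> int:
    """Pattern from the issue: create, write, then restrict.

    Returns the mode the file had while it already contained the data.
    """
    with open(path, "w") as f:  # created with 0o666 & ~umask
        f.write(data)
        f.flush()
        exposed = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
    os.chmod(path, 0o600)  # restriction lands only after the write
    return exposed


def write_restricted(path: str, data: str) -> int:
    """Create the file as 0o600 in the same syscall, then write.

    O_EXCL fails if the path already exists, so a file pre-created by
    another local user is never reused. Returns the mode before the write.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        mode = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        f.write(data)
    return mode


def demo() -> tuple:
    """Run both patterns under a typical 0o022 umask in a temp directory."""
    sample = "secret_key = constructed-sample-value\n"  # constructed input
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            exposed = write_then_chmod(os.path.join(d, "old.cfg"), sample)
            safe = write_restricted(os.path.join(d, "new.cfg"), sample)
        return exposed, safe
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

Under a 0o022 umask the first pattern leaves the data readable by group and others until `chmod` runs, while the second never exposes a mode wider than 0o600.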
