Security issue

[nabeelasjid1]

When we deploy, mup creats a directory /opt/example-project/tmp and set permissions 777

and this is vulnerable to DoS attack

[jankapunkt]

@nabeelasjid1 is the folder removed once deployment is complete?

[zodern]

@nabeelasjid1 could you please explain how this is vulnerable to a DoS attack? I've been unable to see how it could be.

You can also enable useBuildKit, which extracts the tar file inside the docker image and doesn't create tmp. In the future, this will be enabled by default.

[nabeelasjid1]

we have to manullay set 755 to that folder

sudo chmod 755 /opt/my-app/tmp

[nabeelasjid1]

@nabeelasjid1 is the folder removed once deployment is complete?

No, it doesn't delete automatically.

[nabeelasjid1]

@nabeelasjid1 could you please explain how this is vulnerable to a DoS attack? I've been unable to see how it could be.

You can also enable useBuildKit, which extracts the tar file inside the docker image and doesn't create tmp. In the future, this will be enabled by default.

ok, It took me 3 days, applying multiple solutions and finally I checked the server logs and the user I was using to deploy was setting write permissions 777 to tmp folder.

and the bad actor was exploiting this vulnerability