After extracting a candidate archive into ~/.sdkman/candidates/, the files should be made immutable (or at least have their permissions hardened) to prevent accidental or malicious modification by other processes.
Currently any process can modify the files in ~/.sdkman/candidates/, which is a security and integrity concern.
Proposed behaviour
After a successful install, apply appropriate read-only permissions to the extracted candidate directory (e.g. chmod -R a-w) so the contents cannot be tampered with.
Related
- sdkman-cli #899 (leiningen installed with 777 permissions due to a bad vendor zip)
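One way the proposed post-install step could look, as an added example that is not sdkman-cli code; the function names are hypothetical. It reports entries an archive shipped group- or world-writable (the 777 case in #899), strips every write bit, and verifies the result. Note that `a-w` is weaker than true immutability: the owning user can still restore write access.

```shell
#!/bin/sh
# Added example: harden an extracted candidate directory after install.
# Function names are hypothetical, not part of sdkman-cli.

# Print every non-symlink entry under $1 that group or others may write to.
list_loose_entries() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Print every non-symlink entry under $1 that still has any write bit set.
list_writable_entries() {
    find "$1" ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Remove all write bits below $1. Returns 0 only if nothing writable remains,
# 2 if $1 is not a real directory.
harden_candidate() {
    dir=$1
    # A symlinked root would redirect the chmod to another location.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing to harden: $dir" >&2
        return 2
    fi
    # Report what the archive shipped loose (e.g. 777 entries) before fixing it.
    list_loose_entries "$dir" | sed 's/^/loose: /' >&2
    # Symlinks are skipped so chmod never touches a target outside the tree.
    find "$dir" ! -type l -exec chmod a-w {} +
    # Verify instead of trusting the chmod exit status.
    [ -z "$(list_writable_entries "$dir")" ]
}

# Undo before an upgrade or uninstall: removing the tree needs owner write
# access on its directories.
unharden_candidate() {
    find "$1" ! -type l -exec chmod u+w {} +
}
```

An uninstall or upgrade path would have to call the undo step first, since a read-only directory cannot have its entries removed by a non-root user.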