9a5b09cd7f
- save_restore_token: use create_new(true) + mode(0o600) for exclusive atomic file creation, preventing symlink attacks and predictable temp file exploitation - token_path: return Option, eliminate insecure /tmp fallback - load_restore_token: reject insecure files (symlinks, wrong owner, group/world-readable permissions) - Directory creation uses DirBuilderExt::mode(0o700) bypassing umask - Added verify_secure_dir and ensure_secure_parent with full metadata validation (owner, permissions, symlink rejection) - Added 11 regression tests covering all security scenarios
978 B
978 B