Security: Potential race condition in runtime keypair materialization #486

Open: tomaioo wants to merge 1 commit into backbay-labs:main from tomaioo:fix/security/potential-race-condition-in-runtime-keyp
tomaioo commented Jun 29, 2026

Summary

Security: Potential race condition in runtime keypair materialization

Problem

Severity: Medium | File: apps/agent/src-tauri/src/daemon/runtime_keypair.rs:L18

The materialize_runtime_signing_keypair function checks if a key path exists and then generates a new keypair if not. This check-then-act pattern is not atomic and could lead to race conditions where multiple processes generate keypairs simultaneously, potentially causing one to overwrite the other's key. While write_private_atomic is used for the actual write, the existence check and generation are not atomic.

Solution

Use atomic file creation with O_EXCL flag or a file-based lock to ensure only one process can create the keypair. Alternatively, always attempt to write atomically and handle the case where the file already exists.

Changes

  • apps/agent/src-tauri/src/daemon/runtime_keypair.rs (modified)

The `materialize_runtime_signing_keypair` function checks if a key path exists and then generates a new keypair if not. This check-then-act pattern is not atomic and could lead to race conditions where multiple processes generate keypairs simultaneously, potentially causing one to overwrite the other's key. While `write_private_atomic` is used for the actual write, the existence check and generation are not atomic.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
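
An added example, not code from this pull request or the project: one way to make first-time key creation atomic, as the Solution section suggests. It goes one step beyond opening the final path with O_EXCL by staging the key in a private temp file and publishing it with a hard link, so racing readers never see an empty or partial key file. `materialize_once` and the `generate` closure are hypothetical names, and the filesystem is assumed to support hard links.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::path::Path;

/// Hypothetical helper, not the project's `materialize_runtime_signing_keypair`.
/// Returns the key bytes stored at `path`; `generate` stands in for real key
/// generation and its output is kept only if no other creator published first.
pub fn materialize_once(path: &Path, generate: impl FnOnce() -> Vec<u8>) -> io::Result<Vec<u8>> {
    // Fast path: a key was already published, so never regenerate.
    match fs::read(path) {
        Ok(existing) => return Ok(existing),
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    // Stage the candidate in a temp file whose name is unique per process and thread.
    let suffix = format!("tmp-{}-{:?}", std::process::id(), std::thread::current().id());
    let tmp = path.with_extension(suffix);
    let mut opts = OpenOptions::new();
    opts.write(true).create_new(true); // O_CREAT | O_EXCL on Unix
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600); // private key: owner read/write only
    }
    let key = generate();
    let mut file = opts.open(&tmp)?;
    let written = file.write_all(&key).and_then(|_| file.sync_all());
    drop(file);
    // Publish without overwrite: hard_link fails with AlreadyExists if `path`
    // exists, and readers only ever see a fully written file.
    let result = written.and_then(|_| match fs::hard_link(&tmp, path) {
        Ok(()) => Ok(key),
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => fs::read(path), // lost the race
        Err(e) => Err(e),
    });
    let _ = fs::remove_file(&tmp); // the staging name is removed on every path
    result
}

fn main() -> io::Result<()> {
    // Constructed demo path and placeholder key material.
    let path = std::env::temp_dir().join("demo-runtime.key");
    let key = materialize_once(&path, || vec![0x42; 32])?;
    println!("{} key bytes at {}", key.len(), path.display());
    Ok(())
}
```

Every caller, including the ones that lose the race, returns the bytes that are actually on disk, so no process continues with a key that was never persisted.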