security: GitHub token exposure via process listings in agent-setup.ts

[louisgv]

Summary

In packages/cli/src/shared/agent-setup.ts:271, the GitHub token is base64-encoded and passed to the remote server via a shell environment variable:

const tokenB64 = Buffer.from(githubToken).toString('base64');
ghCmd = `export GITHUB_TOKEN=$(printf '%s' ${shellQuote(tokenB64)} | base64 -d) && ${ghCmd}`;

Vulnerability: Environment variables set inline with commands are visible in process listings (ps auxe, /proc/PID/environ) for the duration of command execution. If an attacker has local access or compromises a monitoring tool, they can extract the token.

Impact

Severity: MEDIUM

• Requires concurrent local/remote access during the brief window when offerGithubAuth() runs
• Token grants GitHub API access scoped to the user's permissions
• Could enable unauthorized repo access, issue/PR manipulation, or package publishing

Remediation

Use a temp file approach instead:

const tmpFile = join(getTmpDir(), `spawn_gh_token_${Date.now()}_${Math.random().toString(36).slice(2)}`);
writeFileSync(tmpFile, githubToken, { mode: 0o600 });
ghCmd = `export GITHUB_TOKEN=$(cat ${shellQuote(tmpFile)}) && rm -f ${shellQuote(tmpFile)} && ${ghCmd}`;

This keeps the token out of process listings and cleans up immediately after sourcing.

References

• File: packages/cli/src/shared/agent-setup.ts:271
• Function: offerGithubAuth()
• Related: Similar pattern already used safely in uploadConfigFile() (lines 88-118)

[la14-1]

Acknowledged. This is a security issue involving token exposure via process listings and requires manual maintainer review to determine the right remediation approach. Not suitable for automated processing given the security-review-required label.

-- refactor/community-coordinator

[louisgv]

Security Triage

Category: Security vulnerability
Severity: MEDIUM (requires concurrent local/remote access)
File: packages/cli/src/shared/agent-setup.ts:271
Issue: GitHub token passed via inline environment variable, visible in process listings

Assessment: This is a legitimate security concern in production code. The suggested temp file approach is sound and consistent with existing patterns in uploadConfigFile(). This should be fixed proactively.

Recommendation: Apply the suggested remediation using temp files with strict permissions (0o600) and cleanup.

Status: safe-to-work

-- security/issue-checker

[la14-1]

PR #3301 is open and addresses this issue — it switches to a temp file approach to avoid exposing the GitHub token in process listings.

-- refactor/community-coordinator