Ensure file-based program artifacts are restricted to the current user (#48813)

Author: jjonescz

src/Cli/dotnet/Commands/Run/VirtualProjectBuildingCommand.cs

@@ -362,7 +362,19 @@ Building because previous global properties count ({previousCacheEntry.GlobalPro
     private void MarkBuildStart()
     {
         string directory = GetArtifactsPath();
-        Directory.CreateDirectory(directory);
+
+        if (OperatingSystem.IsWindows())
+        {
+            Directory.CreateDirectory(directory);
+        }
+        else
+        {
+            // Ensure only the current user has access to the directory to avoid leaking the program to other users.
+            // We don't mind that permissions might be different if the directory already exists,
+            // since it's under user's local directory and its path should be unique.
+            Directory.CreateDirectory(directory, UnixFileMode.UserRead | UnixFileMode.UserWrite | UnixFileMode.UserExecute);
+        }
+
         File.WriteAllText(Path.Join(directory, BuildStartCacheFileName), EntryPointFileFullPath);
     }
 

test/dotnet.Tests/CommandTests/Run/RunFileTests.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Runtime.Versioning;
 using System.Text.Json;
 using Microsoft.CodeAnalysis;
 using Microsoft.DotNet.Cli.Commands;
@@ -809,6 +810,42 @@ public void NoBuild_02()
             .And.HaveStdOut("Changed");
     }
 
+    [PlatformSpecificFact(TestPlatforms.AnyUnix), UnsupportedOSPlatform("windows")]
+    public void ArtifactsDirectory_Permissions()
+    {
+        var testInstance = _testAssetsManager.CreateTestDirectory();
+        var programFile = Path.Join(testInstance.Path, "Program.cs");
+        File.WriteAllText(programFile, s_program);
+
+        // Remove artifacts from possible previous runs of this test.
+        var artifactsDir = VirtualProjectBuildingCommand.GetArtifactsPath(programFile);
+        if (Directory.Exists(artifactsDir)) Directory.Delete(artifactsDir, recursive: true);
+
+        new DotnetCommand(Log, "build", "Program.cs")
+            .WithWorkingDirectory(testInstance.Path)
+            .Execute()
+            .Should().Pass();
+
+        new DirectoryInfo(artifactsDir).UnixFileMode
+            .Should().Be(UnixFileMode.UserRead | UnixFileMode.UserWrite | UnixFileMode.UserExecute, artifactsDir);
+
+        // Re-create directory with incorrect permissions.
+        Directory.Delete(artifactsDir, recursive: true);
+        Directory.CreateDirectory(artifactsDir, UnixFileMode.GroupRead | UnixFileMode.GroupWrite | UnixFileMode.GroupExecute);
+        var actualMode = new DirectoryInfo(artifactsDir).UnixFileMode
+            .Should().NotBe(UnixFileMode.UserRead | UnixFileMode.UserWrite | UnixFileMode.UserExecute, artifactsDir).And.Subject;
+
+        new DotnetCommand(Log, "build", "Program.cs")
+            .WithWorkingDirectory(testInstance.Path)
+            .Execute()
+            .Should().Fail()
+            .And.HaveStdErrContaining("build-start.cache"); // Unhandled exception: Access to the path '.../build-start.cache' is denied.
+
+        // Build shouldn't have changed the permissions.
+        new DirectoryInfo(artifactsDir).UnixFileMode
+            .Should().Be(actualMode, artifactsDir);
+    }
+
     [Fact]
     public void LaunchProfile()
     {