feat(security): Add check to prevent running CLI with setuid/setgid bits

Description

Prevent the CLI binary from running when the setuid or setgid permission bits are set. The POSIX security check (security_posix.go) now inspects the binary's file mode and exits early with a clear remediation message if os.ModeSetuid or os.ModeSetgid is present. This avoids accidental privilege elevation when the binary is installed or copied with unsafe permissions.

Related Issues

Resolves #[7495]

How has this been tested?

  • The CI pipeline has passed on this repo
  • On my local macOS-based machine, I tried commands after building a binary; it did give an error when I played with the bits

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation
  • Chore (Related to CI or Packaging to platforms)
  • Test gap
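
The check outlined in the description, as an added example that is not taken from the project's security_posix.go. The function names `unsafeBits` and `checkBinaryMode`, the fail-closed handling in `main`, and the wording of the remediation message are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// unsafeBits names the privilege-elevating mode bits present in mode.
func unsafeBits(mode os.FileMode) []string {
	var bits []string
	if mode&os.ModeSetuid != 0 {
		bits = append(bits, "setuid")
	}
	if mode&os.ModeSetgid != 0 {
		bits = append(bits, "setgid")
	}
	return bits
}

// checkBinaryMode (hypothetical helper) stats the file at path and returns an
// error carrying a remediation hint if setuid or setgid is set on it.
func checkBinaryMode(path string) error {
	// Resolve symlinks so the message names the real file that needs chmod.
	resolved, err := filepath.EvalSymlinks(path)
	if err != nil {
		return fmt.Errorf("resolve %s: %w", path, err)
	}
	info, err := os.Stat(resolved)
	if err != nil {
		return fmt.Errorf("stat %s: %w", resolved, err)
	}
	if bits := unsafeBits(info.Mode()); len(bits) > 0 {
		return fmt.Errorf("%s has %v set; remove with: chmod u-s,g-s %s", resolved, bits, resolved)
	}
	return nil
}

func main() {
	// Assumption: fail closed if the executable path cannot be determined.
	exe, err := os.Executable()
	if err == nil {
		err = checkBinaryMode(exe)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to run:", err)
		os.Exit(1)
	}
	fmt.Println("binary mode OK")
}
```

Running the check before any flag parsing or config loading keeps the amount of code that executes with elevated privileges to a minimum.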
