From 4510a7a10ddf744f1fc762bd1553f793ece79b28 Mon Sep 17 00:00:00 2001
From: Nguyen Van Nam
Date: Sun, 17 May 2026 03:59:11 +0700
Subject: [PATCH] fix(security): 2 improvements across 1 files

- Security: Overly permissive file permissions (chmod 777) on custom diff binary
- Security: Fragile path parsing via split(" ") can target unintended files

Signed-off-by: Nguyen Van Nam
---
 .../main/java/com/tencent/tinker/build/util/DiffFactory.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/util/DiffFactory.java b/tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/util/DiffFactory.java
index f345898e8..47dd8a15c 100644
--- a/tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/util/DiffFactory.java
+++ b/tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/util/DiffFactory.java
@@ -27,7 +27,7 @@ public static void diffFile(Configuration config, File oldFile, File newFile, Fi
 private static void makeSurePermission(String path) throws IOException {
 try {
- Process process = new ProcessBuilder("chmod", "777", path.split(" ")[0]).start();
+ Process process = new ProcessBuilder("chmod", "755", path.split(" ")[0]).start();
 BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));
 String line;
 while ((line = br.readLine()) != null) {
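Review bot: The added line still hands `path.split(" ")[0]` to chmod, so the second item in the commit message (fragile path parsing) is not fixed by this one-line change: a diff binary installed under a directory whose name contains a space would have its mode changed on the truncated prefix, not on the binary. If `path` is a command line (executable plus arguments, which the split suggests but the hunk does not show), the caller should pass the executable path on its own rather than have it re-derived here. Once that is done the external `chmod` process can be dropped too, e.g. `if (!new File(executablePath).setExecutable(true, true)) throw new IOException("cannot make diff tool executable: " + executablePath);`, which adds execute for the owner only and no longer relies on whichever `chmod` is first on PATH. `makeSurePermission` continues past the end of the hunk, so how the process exit status and the reader are handled cannot be checked from here.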