IA Squad
js · @earendil-works/pi-coding-agent · Critical

@earendil-works/pi-coding-agent: Predictable temp extension paths allow local privilege escalation

18 Jun 2026 · Read 1 min · Severity: act now

What changed

Predictable temporary extension install paths under os.tmpdir()/pi-extensions allowed local privilege escalation on shared Linux hosts: the staging location was the same for every account on the machine rather than private to the user running the agent. Fixed in version 0.78.1 by moving the staging directory to the per-user path ~/.pi/agent/tmp/extensions, created with 0700 permissions.

Who it affects

Users of @earendil-works/pi-coding-agent >= 0.74.0, < 0.78.1 and @mariozechner/pi-coding-agent >= 0.50.0, <= 0.73.1 on multi-user Linux systems (shared dev machines, CI runners, HPC login nodes) who install extensions with --extension or -e from npm or git package sources.

What to do today

Upgrade to @earendil-works/pi-coding-agent version 0.78.1 or later. If you are using the deprecated @mariozechner/pi-coding-agent, migrate to the new package and upgrade. If an immediate upgrade is not possible, avoid installing extensions from npm or git sources on shared Linux hosts, or point TMPDIR at a directory you own with 0700 permissions so the staging path is no longer shared with other accounts.
