
fix: use a lower file permission in file creation #18206

Merged
merged 6 commits into from
Oct 26, 2023

Conversation

tac0turtle
Member

@tac0turtle tac0turtle commented Oct 23, 2023

Description

a-19


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • run make lint and make test
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

Summary by CodeRabbit

  • Security Improvement: Updated the permissions for the snapshots directory to enhance security. The new settings allow only the owner to write, while the group and others can only read.
  • Code Refactor: Simplified the code in the compareTS and compare functions for better readability. This change does not affect the functionality of these functions.
  • Documentation: Added a comment in the code to explain the permissions for the upgrade info file. This is a minor change and does not affect the software's operation.

@tac0turtle tac0turtle added backport/v0.47.x PR scheduled for inclusion in the v0.47's next stable release backport/v0.50.x PR scheduled for inclusion in the v0.50's next stable release labels Oct 23, 2023
@tac0turtle tac0turtle marked this pull request as ready for review October 23, 2023 11:09
@tac0turtle tac0turtle requested a review from a team as a code owner October 23, 2023 11:09
@github-actions
Contributor

@tac0turtle your pull request is missing a changelog!

@@ -491,7 +491,8 @@ func (k Keeper) DumpUpgradeInfoToDisk(height int64, p types.Plan) error {
// GetUpgradeInfoPath returns the upgrade info file path
func (k Keeper) GetUpgradeInfoPath() (string, error) {
upgradeInfoFileDir := path.Join(k.getHomeDir(), "data")
if err := os.MkdirAll(upgradeInfoFileDir, os.ModePerm); err != nil {
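Review bot: the hunk header (-491,7 +491,8) reports one added line, but only context lines are visible in this excerpt, so the added line itself cannot be checked here. The visible `os.MkdirAll(upgradeInfoFileDir, os.ModePerm)` still requests 0o777 for the data directory, which leaves it group- and world-writable unless the process umask strips those bits; since the thread's answer is that only the SDK and cosmovisor need to read and overwrite the file, a directory mode of 0o755 with a file mode of 0o644 would match the least-privilege goal stated in the PR title. Also worth a comment: MkdirAll applies the mode only when it creates the directory, so an already existing directory keeps whatever mode it has.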
Member Author

@julienrbrt will anyone other than the sdk need to modify these files?

Member

Mmh, cosmovisor needs to be able to read it and overwrite it if needed.
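The directory and file modes discussed in this thread, as an added Go example that is not the SDK's own code: the helper names, the `upgrade-info.json` file name and the sample JSON are assumptions made for the demo, and `LooseBits` is the kind of check a hardening review would run on the resulting paths.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Modes for the upgrade-info file discussed above: the same user (node and
// cosmovisor) needs to traverse the dir and read/overwrite the file; group and
// others get read access at most. os.ModePerm (0o777) would leave the directory
// group- and world-writable unless the umask strips those bits.
const (
	dirMode  os.FileMode = 0o755
	fileMode os.FileMode = 0o644
)
// WriteUpgradeInfo creates <home>/data with dirMode and writes the upgrade info
// with fileMode. Illustrative helper, not the SDK's code; file name assumed.
func WriteUpgradeInfo(homeDir string, info []byte) (string, error) {
	dir := filepath.Join(homeDir, "data")
	// Caveat: MkdirAll applies dirMode only when it creates the directory; an
	// existing directory keeps whatever mode it already has.
	if err := os.MkdirAll(dir, dirMode); err != nil {
		return "", err
	}
	p := filepath.Join(dir, "upgrade-info.json")
	// WriteFile truncates an existing file, so the owner can overwrite it later
	// without any group/other write bits.
	if err := os.WriteFile(p, info, fileMode); err != nil {
		return "", err
	}
	return p, nil
}
// LooseBits returns the write bits granted to group or others on path after the
// umask was applied; a non-zero result is what a hardening check would flag.
func LooseBits(path string) (os.FileMode, error) {
	st, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return st.Mode().Perm() & 0o022, nil
}
func main() {
	home, _ := os.MkdirTemp("", "upgrade-demo")
	defer os.RemoveAll(home)
	p, err := WriteUpgradeInfo(home, []byte(`{"name":"v2","height":100}`)) // constructed sample
	bits, _ := LooseBits(p)
	fmt.Println(p, err, "group/other write bits:", bits)
}
```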

x/upgrade/keeper/keeper.go: code scanning alert fixed
server/util.go: code scanning alert dismissed
@coderabbitai
Contributor

coderabbitai bot commented Oct 23, 2023

Walkthrough

This pull request primarily focuses on enhancing security through permission modifications, simplifying code for better readability, and adding explanatory comments for better understanding of the codebase.

Changes

File Summary
server/util.go Updated the permission mode from os.ModePerm to 0o644 for the snapshots directory, enhancing security by limiting permissions for group and others.
store/storage/rocksdb/.../comparator.go Simplified function signatures in compareTS and compare by using slice shorthand notation for parameters bz1 and bz2.
x/upgrade/keeper/keeper.go Added a comment explaining the permissions for the upgrade info file.

🐇

In the land of code, where the shadows lie,

We tighten the locks, under the binary sky.

With a slice of shorthand, and a comment so clear,

We march towards perfection, with nothing to fear.

🎉🎉🎉


Contributor

@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 1
Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between f2f47ff and bf89e1b.
Files selected for processing (3)
  • server/util.go (1 hunks)
  • store/storage/rocksdb/comparator.go (2 hunks)
  • x/upgrade/keeper/keeper.go (1 hunks)
Files skipped from review due to trivial changes (2)
  • store/storage/rocksdb/comparator.go
  • x/upgrade/keeper/keeper.go

server/util.go: review comment resolved
Collaborator

@odeke-em odeke-em left a comment


Nice and thank you @tac0turtle! LGTM! I am an advocate of the proactive security measure of least permissions per https://cyber.orijtech.com/scsec/cosmos-hardening#file-permissions

@github-actions github-actions bot removed the C:Store label Oct 24, 2023
@odeke-em
Collaborator

@tac0turtle this branch needs some updates from main, would you like to merge it in?

@tac0turtle tac0turtle added this pull request to the merge queue Oct 26, 2023
Merged via the queue into main with commit 331e106 Oct 26, 2023
55 checks passed
@tac0turtle tac0turtle deleted the marko/a-19 branch October 26, 2023 07:50
mergify bot pushed a commit that referenced this pull request Oct 26, 2023