If you discover a security vulnerability in PID Pal, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please send details to the maintainers privately by:
- Opening a private security advisory at https://github.com/MSNYC/pidpal/security/advisories/new
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution target: Depends on severity

Supported versions:

| Version | Supported |
|---|---|
| 0.1.x | Yes |

PID Pal reads process information from the `/proc` filesystem. It:
- Does NOT require root privileges for basic usage
- Does NOT modify any system files
- Does NOT send data externally (unless LLM features are explicitly enabled)
- Respects system permissions for process visibility