Abort if accounts.conf is world readable

Fixes #32
Reto Brunner 2019-05-16 20:58:31 +02:00 committed by Drew DeVault
parent ce0d0e887c
commit a755608ef9
2 changed files with 30 additions and 4 deletions


@ -1,6 +1,7 @@
package main
import (
"fmt"
"io"
"io/ioutil"
"log"
@ -9,12 +10,12 @@ import (
"github.com/mattn/go-isatty"
"git.sr.ht/~sircmpwn/aerc2/config"
"git.sr.ht/~sircmpwn/aerc2/commands"
"git.sr.ht/~sircmpwn/aerc2/commands/account"
"git.sr.ht/~sircmpwn/aerc2/commands/compose"
"git.sr.ht/~sircmpwn/aerc2/commands/msgview"
"git.sr.ht/~sircmpwn/aerc2/commands/terminal"
"git.sr.ht/~sircmpwn/aerc2/config"
libui "git.sr.ht/~sircmpwn/aerc2/lib/ui"
"git.sr.ht/~sircmpwn/aerc2/widgets"
)
@ -61,7 +62,8 @@ func main() {
conf, err := config.LoadConfig(nil)
if err != nil {
panic(err)
fmt.Printf("Failed to load config: %v\n", err)
os.Exit(1)
}
var (
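Review bot: The new failure path in main() reports the error with `fmt.Printf`, so the message goes to stdout; a startup abort is better reported on stderr, where it is not lost or mixed into redirected output, e.g. `fmt.Fprintf(os.Stderr, "Failed to load config: %v\n", err)`. The permission hints printed by checkConfigPerms in the config package have the same issue and could be carried in the returned error instead of being printed separately. main() continues outside this hunk.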


@ -3,6 +3,7 @@ package config
import (
"errors"
"fmt"
"os"
"path"
"regexp"
"strings"
@ -142,7 +143,11 @@ func LoadConfig(root *string) (*AercConfig, error) {
_root := path.Join(xdg.ConfigHome(), "aerc")
root = &_root
}
file, err := ini.Load(path.Join(*root, "aerc.conf"))
filename := path.Join(*root, "aerc.conf")
if err := checkConfigPerms(filename); err != nil {
return nil, err
}
file, err := ini.Load(filename)
if err != nil {
return nil, err
}
@ -289,3 +294,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
config.Bindings.Global.Globals = false
return config, nil
}
// checkConfigPerms checks for too open permissions
// printing the fix on stdout and returning an error
func checkConfigPerms(filename string) error {
info, err := os.Stat(filename)
if err != nil {
return err
}
perms := info.Mode().Perm()
goPerms := perms >> 3
// group or others have read access
if goPerms&0x44 != 0 {
fmt.Printf("The file %v has too open permissions.\n", filename)
fmt.Println("This is a security issue (it contains passwords).")
fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
return errors.New("account.conf permissions too lax")
}
return nil
}
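Review bot: The mask in checkConfigPerms does not test the bits its comment names: `perms >> 3` has already shifted the "others" bits away, and `0x44` is hexadecimal (octal 0104), so only the group-read bit is ever examined and a file with mode 0604 passes although it is world readable. Testing the unshifted value with an octal mask covers both group and others, `if info.Mode().Perm()&044 != 0 {`. In the LoadConfig hunk the check is called on `aerc.conf`, while the commit title and the printed messages name accounts.conf as the file holding passwords; unless that file is checked somewhere outside these hunks, the call should be given the accounts.conf path. The error string's `account.conf` should also match the real file name.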