Abort if accounts.conf is world readable

Fixes #32
This commit is contained in:
Reto Brunner 2019-05-16 14:26:08 -07:00 committed by Drew DeVault
parent fb3826cee5
commit b275a394e2
2 changed files with 31 additions and 4 deletions

View file

@ -1,6 +1,7 @@
package main package main
import ( import (
"fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"log" "log"
@ -9,12 +10,12 @@ import (
"github.com/mattn/go-isatty" "github.com/mattn/go-isatty"
"git.sr.ht/~sircmpwn/aerc2/config"
"git.sr.ht/~sircmpwn/aerc2/commands" "git.sr.ht/~sircmpwn/aerc2/commands"
"git.sr.ht/~sircmpwn/aerc2/commands/account" "git.sr.ht/~sircmpwn/aerc2/commands/account"
"git.sr.ht/~sircmpwn/aerc2/commands/compose" "git.sr.ht/~sircmpwn/aerc2/commands/compose"
"git.sr.ht/~sircmpwn/aerc2/commands/msgview" "git.sr.ht/~sircmpwn/aerc2/commands/msgview"
"git.sr.ht/~sircmpwn/aerc2/commands/terminal" "git.sr.ht/~sircmpwn/aerc2/commands/terminal"
"git.sr.ht/~sircmpwn/aerc2/config"
libui "git.sr.ht/~sircmpwn/aerc2/lib/ui" libui "git.sr.ht/~sircmpwn/aerc2/lib/ui"
"git.sr.ht/~sircmpwn/aerc2/widgets" "git.sr.ht/~sircmpwn/aerc2/widgets"
) )
@ -61,7 +62,8 @@ func main() {
conf, err := config.LoadConfig(nil) conf, err := config.LoadConfig(nil)
if err != nil { if err != nil {
panic(err) fmt.Printf("Failed to load config: %v\n", err)
os.Exit(1)
} }
var ( var (

View file

@ -3,6 +3,7 @@ package config
import ( import (
"errors" "errors"
"fmt" "fmt"
"os"
"path" "path"
"regexp" "regexp"
"strings" "strings"
@ -142,7 +143,12 @@ func LoadConfig(root *string) (*AercConfig, error) {
_root := path.Join(xdg.ConfigHome(), "aerc") _root := path.Join(xdg.ConfigHome(), "aerc")
root = &_root root = &_root
} }
file, err := ini.Load(path.Join(*root, "aerc.conf")) filename := path.Join(*root, "accounts.conf")
if err := checkConfigPerms(filename); err != nil {
return nil, err
}
filename = path.Join(*root, "aerc.conf")
file, err := ini.Load(filename)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -289,3 +295,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
config.Bindings.Global.Globals = false config.Bindings.Global.Globals = false
return config, nil return config, nil
} }
// checkConfigPerms checks for too open permissions
// printing the fix on stdout and returning an error
func checkConfigPerms(filename string) error {
info, err := os.Stat(filename)
if err != nil {
return err
}
perms := info.Mode().Perm()
goPerms := perms >> 3
// group or others have read access
if goPerms&0x44 != 0 {
fmt.Printf("The file %v has too open permissions.\n", filename)
fmt.Println("This is a security issue (it contains passwords).")
fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
return errors.New("account.conf permissions too lax")
}
return nil
}