diff options
author | Reto Brunner <reto@labrat.space> | 2019-05-16 14:26:08 -0700 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2019-05-16 17:26:35 -0400 |
commit | b275a394e2e1d7836fae7519f3f13d3eacc151f5 (patch) | |
tree | 1a4760f7eb7d98f5625f1bd594d7379ecd53d411 | |
parent | fb3826cee5a4c23cc1135523e267fc3801e8533a (diff) | |
download | aerc-b275a394e2e1d7836fae7519f3f13d3eacc151f5.tar.gz |
Abort if accounts.conf is world readable
Fixes #32
-rw-r--r-- | aerc.go | 8 | ||||
-rw-r--r-- | config/config.go | 27 |
2 files changed, 31 insertions, 4 deletions
@@ -1,6 +1,7 @@ package main import ( + "fmt" "io" "io/ioutil" "log" @@ -9,12 +10,12 @@ import ( "github.com/mattn/go-isatty" - "git.sr.ht/~sircmpwn/aerc2/config" "git.sr.ht/~sircmpwn/aerc2/commands" "git.sr.ht/~sircmpwn/aerc2/commands/account" "git.sr.ht/~sircmpwn/aerc2/commands/compose" "git.sr.ht/~sircmpwn/aerc2/commands/msgview" "git.sr.ht/~sircmpwn/aerc2/commands/terminal" + "git.sr.ht/~sircmpwn/aerc2/config" libui "git.sr.ht/~sircmpwn/aerc2/lib/ui" "git.sr.ht/~sircmpwn/aerc2/widgets" ) @@ -61,7 +62,8 @@ func main() { conf, err := config.LoadConfig(nil) if err != nil { - panic(err) + fmt.Printf("Failed to load config: %v\n", err) + os.Exit(1) } var ( @@ -73,7 +75,7 @@ func main() { for i, set := range cmds { err := set.ExecuteCommand(aerc, cmd) if _, ok := err.(commands.NoSuchCommand); ok { - if i == len(cmds) - 1 { + if i == len(cmds)-1 { return err } else { continue diff --git a/config/config.go b/config/config.go index 736acbf3..aee326f2 100644 --- a/config/config.go +++ b/config/config.go @@ -3,6 +3,7 @@ package config import ( "errors" "fmt" + "os" "path" "regexp" "strings" @@ -142,7 +143,12 @@ func LoadConfig(root *string) (*AercConfig, error) { _root := path.Join(xdg.ConfigHome(), "aerc") root = &_root } - file, err := ini.Load(path.Join(*root, "aerc.conf")) + filename := path.Join(*root, "accounts.conf") + if err := checkConfigPerms(filename); err != nil { + return nil, err + } + filename = path.Join(*root, "aerc.conf") + file, err := ini.Load(filename) if err != nil { return nil, err } @@ -289,3 +295,22 @@ func LoadConfig(root *string) (*AercConfig, error) { config.Bindings.Global.Globals = false return config, nil } + +// checkConfigPerms checks for too open permissions +// printing the fix on stdout and returning an error +func checkConfigPerms(filename string) error { + info, err := os.Stat(filename) + if err != nil { + return err + } + perms := info.Mode().Perm() + goPerms := perms >> 3 + // group or others have read access + if goPerms&0x44 != 0 { + fmt.Printf("The file %v has too open permissions.\n", filename) + fmt.Println("This is a security issue (it contains passwords).") + fmt.Printf("To fix it, run `chmod 600 %v`\n", filename) + return errors.New("account.conf permissions too lax") + } + return nil +} |