aboutsummaryrefslogtreecommitdiffstats
path: root/config/config.go
diff options
context:
space:
mode:
authorReto Brunner <reto@labrat.space>2019-05-16 14:26:08 -0700
committerDrew DeVault <sir@cmpwn.com>2019-05-16 17:26:35 -0400
commitb275a394e2e1d7836fae7519f3f13d3eacc151f5 (patch)
tree1a4760f7eb7d98f5625f1bd594d7379ecd53d411 /config/config.go
parentfb3826cee5a4c23cc1135523e267fc3801e8533a (diff)
downloadaerc-b275a394e2e1d7836fae7519f3f13d3eacc151f5.tar.gz
Abort if accounts.conf is world readable
Fixes #32
Diffstat (limited to 'config/config.go')
-rw-r--r--config/config.go27
1 files changed, 26 insertions, 1 deletions
diff --git a/config/config.go b/config/config.go
index 736acbf3..aee326f2 100644
--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
import (
"errors"
"fmt"
+ "os"
"path"
"regexp"
"strings"
@@ -142,7 +143,12 @@ func LoadConfig(root *string) (*AercConfig, error) {
_root := path.Join(xdg.ConfigHome(), "aerc")
root = &_root
}
- file, err := ini.Load(path.Join(*root, "aerc.conf"))
+ filename := path.Join(*root, "accounts.conf")
+ if err := checkConfigPerms(filename); err != nil {
+ return nil, err
+ }
+ filename = path.Join(*root, "aerc.conf")
+ file, err := ini.Load(filename)
if err != nil {
return nil, err
}
@@ -289,3 +295,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
config.Bindings.Global.Globals = false
return config, nil
}
+
+// checkConfigPerms checks for too open permissions
+// printing the fix on stdout and returning an error
+func checkConfigPerms(filename string) error {
+ info, err := os.Stat(filename)
+ if err != nil {
+ return err
+ }
+ perms := info.Mode().Perm()
+ goPerms := perms >> 3
+ // group or others have read access
+ if goPerms&0x44 != 0 {
+ fmt.Printf("The file %v has too open permissions.\n", filename)
+ fmt.Println("This is a security issue (it contains passwords).")
+ fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
+ return errors.New("account.conf permissions too lax")
+ }
+ return nil
+}