summary refs log tree commit diff stats
path: root/config/config.go
diff options
context:
space:
mode:
authorReto Brunner <reto@labrat.space>2019-05-16 14:26:08 -0700
committerDrew DeVault <sir@cmpwn.com>2019-05-16 17:26:35 -0400
commitb275a394e2e1d7836fae7519f3f13d3eacc151f5 (patch)
tree1a4760f7eb7d98f5625f1bd594d7379ecd53d411 /config/config.go
parentfb3826cee5a4c23cc1135523e267fc3801e8533a (diff)
downloadaerc-b275a394e2e1d7836fae7519f3f13d3eacc151f5.tar.gz
Abort if accounts.conf is world readable
Fixes #32
Diffstat (limited to 'config/config.go')
-rw-r--r--config/config.go27
1 files changed, 26 insertions, 1 deletions
diff --git a/config/config.go b/config/config.go
index 736acbf..aee326f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path"
 	"regexp"
 	"strings"
@@ -142,7 +143,12 @@ func LoadConfig(root *string) (*AercConfig, error) {
 		_root := path.Join(xdg.ConfigHome(), "aerc")
 		root = &_root
 	}
-	file, err := ini.Load(path.Join(*root, "aerc.conf"))
+	filename := path.Join(*root, "accounts.conf")
+	if err := checkConfigPerms(filename); err != nil {
+		return nil, err
+	}
+	filename = path.Join(*root, "aerc.conf")
+	file, err := ini.Load(filename)
 	if err != nil {
 		return nil, err
 	}
@@ -289,3 +295,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
 	config.Bindings.Global.Globals = false
 	return config, nil
 }
+
+// checkConfigPerms checks for too open permissions
+// printing the fix on stdout and returning an error
+func checkConfigPerms(filename string) error {
+	info, err := os.Stat(filename)
+	if err != nil {
+		return err
+	}
+	perms := info.Mode().Perm()
+	goPerms := perms >> 3
+	// group or others have read access
+	if goPerms&0x44 != 0 {
+		fmt.Printf("The file %v has too open permissions.\n", filename)
+		fmt.Println("This is a security issue (it contains passwords).")
+		fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
+		return errors.New("account.conf permissions too lax")
+	}
+	return nil
+}
a id='n34' href='#n34'>34 35 36 37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52