about summary refs log tree commit diff stats
path: root/config
diff options
context:
space:
mode:
authorReto Brunner <reto@labrat.space>2019-05-16 20:58:31 +0200
committerDrew DeVault <sir@cmpwn.com>2019-05-16 15:02:13 -0400
commita755608ef9d5893b68dc4c774bbda06503481552 (patch)
tree6fd2d65969799cbe433b7e59ba36327eebbd1d8b /config
parentce0d0e887ccf386006a5f1a425d9aa971190c610 (diff)
downloadaerc-a755608ef9d5893b68dc4c774bbda06503481552.tar.gz
Abort if accounts.conf is world readable
Fixes #32
Diffstat (limited to 'config')
-rw-r--r--config/config.go26
1 files changed, 25 insertions, 1 deletions
diff --git a/config/config.go b/config/config.go
index 736acbf..33623d5 100644
--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path"
 	"regexp"
 	"strings"
@@ -142,7 +143,11 @@ func LoadConfig(root *string) (*AercConfig, error) {
 		_root := path.Join(xdg.ConfigHome(), "aerc")
 		root = &_root
 	}
-	file, err := ini.Load(path.Join(*root, "aerc.conf"))
+	filename := path.Join(*root, "aerc.conf")
+	if err := checkConfigPerms(filename); err != nil {
+		return nil, err
+	}
+	file, err := ini.Load(filename)
 	if err != nil {
 		return nil, err
 	}
@@ -289,3 +294,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
 	config.Bindings.Global.Globals = false
 	return config, nil
 }
+
+// checkConfigPerms checks for too open permissions
+// printing the fix on stdout and returning an error
+func checkConfigPerms(filename string) error {
+	info, err := os.Stat(filename)
+	if err != nil {
+		return err
+	}
+	perms := info.Mode().Perm()
+	goPerms := perms >> 3
+	// group or others have read access
+	if goPerms&0x44 != 0 {
+		fmt.Printf("The file %v has too open permissions.\n", filename)
+		fmt.Println("This is a security issue (it contains passwords).")
+		fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
+		return errors.New("account.conf permissions too lax")
+	}
+	return nil
+}