From b275a394e2e1d7836fae7519f3f13d3eacc151f5 Mon Sep 17 00:00:00 2001 From: Reto Brunner Date: Thu, 16 May 2019 14:26:08 -0700 Subject: Abort if accounts.conf is world readable Fixes #32 --- config/config.go | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.go b/config/config.go index 736acbf..aee326f 100644 --- a/config/config.go +++ b/config/config.go @@ -3,6 +3,7 @@ package config import ( "errors" "fmt" + "os" "path" "regexp" "strings" @@ -142,7 +143,12 @@ func LoadConfig(root *string) (*AercConfig, error) { _root := path.Join(xdg.ConfigHome(), "aerc") root = &_root } - file, err := ini.Load(path.Join(*root, "aerc.conf")) + filename := path.Join(*root, "accounts.conf") + if err := checkConfigPerms(filename); err != nil { + return nil, err + } + filename = path.Join(*root, "aerc.conf") + file, err := ini.Load(filename) if err != nil { return nil, err } @@ -289,3 +295,22 @@ func LoadConfig(root *string) (*AercConfig, error) { config.Bindings.Global.Globals = false return config, nil } + +// checkConfigPerms checks for too open permissions +// printing the fix on stdout and returning an error +func checkConfigPerms(filename string) error { + info, err := os.Stat(filename) + if err != nil { + return err + } + perms := info.Mode().Perm() + goPerms := perms >> 3 + // group or others have read access + if goPerms&0x44 != 0 { + fmt.Printf("The file %v has too open permissions.\n", filename) + fmt.Println("This is a security issue (it contains passwords).") + fmt.Printf("To fix it, run `chmod 600 %v`\n", filename) + return errors.New("account.conf permissions too lax") + } + return nil +} -- cgit 1.4.1-2-gfad0