aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorReto Brunner <reto@labrat.space>2019-05-16 20:58:31 +0200
committerDrew DeVault <sir@cmpwn.com>2019-05-16 15:02:13 -0400
commita755608ef9d5893b68dc4c774bbda06503481552 (patch)
tree6fd2d65969799cbe433b7e59ba36327eebbd1d8b
parentce0d0e887ccf386006a5f1a425d9aa971190c610 (diff)
Abort if accounts.conf is world readable
Fixes #32
-rw-r--r--aerc.go8
-rw-r--r--config/config.go26
2 files changed, 30 insertions, 4 deletions
diff --git a/aerc.go b/aerc.go
index f3607bb..3566895 100644
--- a/aerc.go
+++ b/aerc.go
@@ -1,6 +1,7 @@
package main
import (
+ "fmt"
"io"
"io/ioutil"
"log"
@@ -9,12 +10,12 @@ import (
"github.com/mattn/go-isatty"
- "git.sr.ht/~sircmpwn/aerc2/config"
"git.sr.ht/~sircmpwn/aerc2/commands"
"git.sr.ht/~sircmpwn/aerc2/commands/account"
"git.sr.ht/~sircmpwn/aerc2/commands/compose"
"git.sr.ht/~sircmpwn/aerc2/commands/msgview"
"git.sr.ht/~sircmpwn/aerc2/commands/terminal"
+ "git.sr.ht/~sircmpwn/aerc2/config"
libui "git.sr.ht/~sircmpwn/aerc2/lib/ui"
"git.sr.ht/~sircmpwn/aerc2/widgets"
)
@@ -61,7 +62,8 @@ func main() {
conf, err := config.LoadConfig(nil)
if err != nil {
- panic(err)
+ fmt.Printf("Failed to load config: %v\n", err)
+ os.Exit(1)
}
var (
@@ -73,7 +75,7 @@ func main() {
for i, set := range cmds {
err := set.ExecuteCommand(aerc, cmd)
if _, ok := err.(commands.NoSuchCommand); ok {
- if i == len(cmds) - 1 {
+ if i == len(cmds)-1 {
return err
} else {
continue
diff --git a/config/config.go b/config/config.go
index 736acbf..33623d5 100644
--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
import (
"errors"
"fmt"
+ "os"
"path"
"regexp"
"strings"
@@ -142,7 +143,11 @@ func LoadConfig(root *string) (*AercConfig, error) {
_root := path.Join(xdg.ConfigHome(), "aerc")
root = &_root
}
- file, err := ini.Load(path.Join(*root, "aerc.conf"))
+ filename := path.Join(*root, "aerc.conf")
+ if err := checkConfigPerms(filename); err != nil {
+ return nil, err
+ }
+ file, err := ini.Load(filename)
if err != nil {
return nil, err
}
@@ -289,3 +294,22 @@ func LoadConfig(root *string) (*AercConfig, error) {
config.Bindings.Global.Globals = false
return config, nil
}
+
+// checkConfigPerms checks for too open permissions
+// printing the fix on stdout and returning an error
+func checkConfigPerms(filename string) error {
+ info, err := os.Stat(filename)
+ if err != nil {
+ return err
+ }
+ perms := info.Mode().Perm()
+ goPerms := perms >> 3
+ // group or others have read access
+ if goPerms&0x44 != 0 {
+ fmt.Printf("The file %v has too open permissions.\n", filename)
+ fmt.Println("This is a security issue (it contains passwords).")
+ fmt.Printf("To fix it, run `chmod 600 %v`\n", filename)
+ return errors.New("account.conf permissions too lax")
+ }
+ return nil
+}