Add file permission check on config.

2022-10-13 01:16:37 +02:00 · 2022-10-13 01:16:37 +02:00 · 8460f70216
commit 8460f70216
parent 027c4737cb
1 changed files with 2 additions and 0 deletions
--- a/main.py
+++ b/main.py
@ -39,6 +39,8 @@ class BaseConfig(dict):
            if self.file == '-':
                config = yaml.load(sys.stdin, Loader=Loader)
            else:
+                if os.stat(self.file).st_mode & 0o777 & ~0o600:
+                    raise Exception('refusing to load insecure configuration file, file must have permission 0o600')
                with open(self.file) as fp:
                    config = yaml.load(fp, Loader=Loader)
            if config is None: