Add file permission check on config.

This commit is contained in:
redxef 2022-10-13 01:16:37 +02:00
parent 027c4737cb
commit 8460f70216
Signed by: redxef
GPG key ID: 7DAC3AA211CBD921

View file

@ -39,6 +39,8 @@ class BaseConfig(dict):
if self.file == '-':
config = yaml.load(sys.stdin, Loader=Loader)
else:
if os.stat(self.file).st_mode & 0o777 & ~0o600:
raise Exception('refusing to load insecure configuration file, file must have permission 0o600')
with open(self.file) as fp:
config = yaml.load(fp, Loader=Loader)
if config is None: