diff --git a/main.py b/main.py index cb987f7..ca1ba3f 100755 --- a/main.py +++ b/main.py @@ -39,6 +39,8 @@ class BaseConfig(dict): if self.file == '-': config = yaml.load(sys.stdin, Loader=Loader) else: + if os.stat(self.file).st_mode & 0o777 & ~0o600: + raise Exception('refusing to load insecure configuration file, file must have permission 0o600') with open(self.file) as fp: config = yaml.load(fp, Loader=Loader) if config is None: