From 8460f70216ebfe952f2078de39f3dd703bcc8450 Mon Sep 17 00:00:00 2001 From: redxef Date: Thu, 13 Oct 2022 01:16:37 +0200 Subject: [PATCH] Add file permission check on config. --- main.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.py b/main.py index cb987f7..ca1ba3f 100755 --- a/main.py +++ b/main.py @@ -39,6 +39,8 @@ class BaseConfig(dict): if self.file == '-': config = yaml.load(sys.stdin, Loader=Loader) else: + if os.stat(self.file).st_mode & 0o777 & ~0o600: + raise Exception('refusing to load insecure configuration file, file must have permission 0o600') with open(self.file) as fp: config = yaml.load(fp, Loader=Loader) if config is None: