From 8460f70216ebfe952f2078de39f3dd703bcc8450 Mon Sep 17 00:00:00 2001
From: redxef <federanko.manuel@gmail.com>
Date: Thu, 13 Oct 2022 01:16:37 +0200
Subject: [PATCH] Add file permission check on config.

---
 main.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main.py b/main.py
index cb987f7..ca1ba3f 100755
--- a/main.py
+++ b/main.py
@@ -39,6 +39,8 @@ class BaseConfig(dict):
             if self.file == '-':
                 config = yaml.load(sys.stdin, Loader=Loader)
             else:
+                if os.stat(self.file).st_mode & 0o777 & ~0o600:
+                    raise Exception('refusing to load insecure configuration file, file must have permission 0o600')
                 with open(self.file) as fp:
                     config = yaml.load(fp, Loader=Loader)
             if config is None: