Set umask so that config directory is private.

2020-05-23 13:17:12 +02:00 · 2020-05-23 13:17:12 +02:00 · 68d5f9b42e
parent 8945fa4f7e
commit 68d5f9b42e
1 changed files with 5 additions and 0 deletions
--- a/av98.py
+++ b/av98.py
@ -217,6 +217,11 @@ class GeminiClient(cmd.Cmd):
    def __init__(self, restricted=False):
        cmd.Cmd.__init__(self)

+        # Set umask so that nothing we create can be read by anybody else.
+        # The certificate cache and TOFU database contain "browser history"
+        # type sensitivie information.
+        os.umask(077)
+
        # Find config directory
        ## Look for something pre-existing
        for confdir in ("~/.av98/", "~/.config/av98/"):