From 68d5f9b42e4107da1441a72d9f7cdd229ffcf099 Mon Sep 17 00:00:00 2001
From: Solderpunk <solderpunk@sdf.org>
Date: Sat, 23 May 2020 13:17:12 +0200
Subject: [PATCH] Set umask so that config directory is private.

---
 av98.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/av98.py b/av98.py
index 5913aa7..932890c 100755
--- a/av98.py
+++ b/av98.py
@@ -217,6 +217,11 @@ class GeminiClient(cmd.Cmd):
     def __init__(self, restricted=False):
         cmd.Cmd.__init__(self)
 
+        # Set umask so that nothing we create can be read by anybody else.
+        # The certificate cache and TOFU database contain "browser history"
+        # type sensitivie information.
+        os.umask(077)
+
         # Find config directory
         ## Look for something pre-existing
         for confdir in ("~/.av98/", "~/.config/av98/"):