Set umask so that config directory is private. - AV-98-fork - A fork of https://tildegit.org/solderpunk/AV-98

commit 68d5f9b42e4107da1441a72d9f7cdd229ffcf099
parent 8945fa4f7e13cf6f3f3499de8c7ec02315326efc
Author: Solderpunk <solderpunk@sdf.org>
Date:   Sat, 23 May 2020 13:17:12 +0200

Set umask so that config directory is private.

Diffstat:
M av98.py  | 5 +++++

1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/av98.py b/av98.py
@@ -217,6 +217,11 @@ class GeminiClient(cmd.Cmd):
     def __init__(self, restricted=False):
         cmd.Cmd.__init__(self)
 
+        # Set umask so that nothing we create can be read by anybody else.
+        # The certificate cache and TOFU database contain "browser history"
+        # type sensitivie information.
+        os.umask(077)
+
         # Find config directory
         ## Look for something pre-existing
         for confdir in ("~/.av98/", "~/.config/av98/"):

	AV-98-fork A fork of https://tildegit.org/solderpunk/AV-98
	Log (Feed) \| Files \| Refs (Tags) \| README \| LICENSE