commit 68d5f9b42e4107da1441a72d9f7cdd229ffcf099
parent 8945fa4f7e13cf6f3f3499de8c7ec02315326efc
Author: Solderpunk <solderpunk@sdf.org>
Date: Sat, 23 May 2020 13:17:12 +0200
Set umask so that config directory is private.
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/av98.py b/av98.py
@@ -217,6 +217,11 @@ class GeminiClient(cmd.Cmd):
def __init__(self, restricted=False):
cmd.Cmd.__init__(self)
+ # Set umask so that nothing we create can be read by anybody else.
+ # The certificate cache and TOFU database contain "browser history"
+ # type sensitivie information.
+ os.umask(077)
+
# Find config directory
## Look for something pre-existing
for confdir in ("~/.av98/", "~/.config/av98/"):