mirror of
https://github.com/atuinsh/atuin.git
synced 2025-01-13 09:49:10 +01:00
fix(perm): set umask 077 (#1554)
This ensures no other user can read shell history data Resolves #1250
This commit is contained in:
parent
99249ea319
commit
4d41a741f0
1
Cargo.lock
generated
1
Cargo.lock
generated
@ -191,6 +191,7 @@ dependencies = [
|
||||
"ratatui",
|
||||
"rpassword",
|
||||
"runtime-format",
|
||||
"rustix",
|
||||
"semver",
|
||||
"serde",
|
||||
"serde_json",
|
||||
|
@ -44,6 +44,7 @@ whoami = "1.1.2"
|
||||
typed-builder = "0.18.0"
|
||||
pretty_assertions = "1.3.0"
|
||||
thiserror = "1.0"
|
||||
rustix = {version = "0.38.28", features=["process", "fs"]}
|
||||
|
||||
[workspace.dependencies.reqwest]
|
||||
version = "0.11"
|
||||
|
@ -65,6 +65,7 @@ fs-err = { workspace = true }
|
||||
whoami = { workspace = true }
|
||||
rpassword = "7.0"
|
||||
semver = { workspace = true }
|
||||
rustix = { workspace = true }
|
||||
runtime-format = "0.1.3"
|
||||
tiny-bip39 = "1"
|
||||
futures-util = "0.3"
|
||||
|
@ -2,6 +2,8 @@ use clap::{CommandFactory, Subcommand};
|
||||
use clap_complete::{generate, generate_to, Shell};
|
||||
use eyre::Result;
|
||||
|
||||
use rustix::{fs::Mode, process::umask};
|
||||
|
||||
#[cfg(feature = "client")]
|
||||
mod client;
|
||||
|
||||
@ -46,6 +48,11 @@ pub enum AtuinCmd {
|
||||
|
||||
impl AtuinCmd {
|
||||
pub fn run(self) -> Result<()> {
|
||||
// set umask before we potentially open/create files
|
||||
// or in other words, 077. Do not allow any access to any other user
|
||||
let mode = Mode::RWXG | Mode::RWXO;
|
||||
umask(mode);
|
||||
|
||||
match self {
|
||||
#[cfg(feature = "client")]
|
||||
Self::Client(client) => client.run(),
|
||||
|
Loading…
Reference in New Issue
Block a user