author | HimbeerserverDE <himbeerserverde@gmail.com> | 2022-11-11 21:50:51 +0100 |
---|---|---|
committer | HimbeerserverDE <himbeerserverde@gmail.com> | 2022-11-11 21:50:51 +0100 |
commit | 630a6489867d60c4115f41af50f6e2fde6e8a425 (patch) | |
tree | de7c53300fbb46d7607c7d777c53bd5903c0e6d0 | |
parent | 5089a2eb093d9c67b3261d54811e598696c6eb88 (diff) |
verify config file permissions on startup
-rw-r--r-- | src/main.rs | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 73952e1..403b90c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -3,6 +3,7 @@ use std::fmt;
 use std::fs::File;
 use std::io::Read;
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+use std::os::unix::fs::PermissionsExt;
 use std::str::FromStr;
 use std::sync::{mpsc, Arc};
 use std::thread;
@@ -16,6 +17,7 @@ use serde::{Deserialize, Serialize};
 #[derive(Debug)]
 enum Error {
+ InsecureConfig,
 ChannelRecv(mpsc::RecvError),
 ChannelSend4(mpsc::SendError<Ipv4Net>),
 ChannelSend6(mpsc::SendError<Ipv6Net>),
@@ -33,6 +35,7 @@ impl std::error::Error for Error {}
 impl fmt::Display for Error {
 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
 match self {
+ Self::InsecureConfig => write!(fmt, "config has insecure permissions (need 0?00)"),
 Self::ChannelRecv(e) => write!(fmt, "can't recv from mpsc channel: {}", e),
 Self::ChannelSend4(e) => write!(fmt, "can't send to mpsc channel: {}", e),
 Self::ChannelSend6(e) => write!(fmt, "can't send to mpsc channel: {}", e),
@@ -150,6 +153,10 @@ fn main() -> Result<()> {
 let mut config_file = File::open(config_path.as_str())?;
+ if config_file.metadata()?.permissions().mode() & 0o077 > 0 {
+ return Err(Error::InsecureConfig);
+ }
+
 let mut config_contents = String::new();
 config_file.read_to_string(&mut config_contents).unwrap(); |
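Review bot: The `InsecureConfig` arm added to `fmt` names neither the file nor the mode that was found, and `0?00` is easy to misread, so an operator who hits this at startup has to work out what to chmod. Wording such as `"config file is accessible to group or others (mode must be 0?00, e.g. 0600)"` would be clearer. Carrying the observed mode in the variant and printing it with `{:o}` would make the startup log self-explanatory, though that also touches the enum and the check in `main`. The `match` continues outside the hunk.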
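Review bot: The new check in `main` looks only at the group/other mode bits, so a config with mode 0600 that belongs to a different user than the one the program runs as still passes; if the program runs as root, that owner can rewrite the file at will. Binding the metadata once, `let meta = config_file.metadata()?;`, and also comparing `meta.uid()` (from `std::os::unix::fs::MetadataExt`) against the expected owner would close that gap. Reading the metadata from the already-open `File` rather than from the path is the right choice, because the check and the later `read_to_string` then refer to the same file object. A comment above the `if` such as `// reject any group/other access bits; owner bits are not restricted` would document the `0o077` mask. `main` starts and ends outside the hunk.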