Profile session token should only be readable by the user (#130)

ulyssa · Jul 8, 2023 · 3da9835 · 3da9835
1 parent 64891ec
commit 3da9835
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -35,6 +35,7 @@ futures = "0.3"
 gethostname = "0.4.1"
 html5ever = "0.26.0"
 image = "0.24.5"
+libc = "0.2"
 markup5ever_rcdom = "0.2.0"
 mime = "^0.3.16"
 mime_guess = "^2.0.4"

diff --git a/src/main.rs b/src/main.rs
@@ -694,6 +694,12 @@ fn main() -> IambResult<()> {
     // Load configuration and set up the Matrix SDK.
     let settings = ApplicationSettings::load(iamb).unwrap_or_else(print_exit);
 
+    // Set umask on Unix platforms so that tokens, keys, etc. are only readable by the user.
+    #[cfg(unix)]
+    unsafe {
+        libc::umask(0o077);
+    };
+
     // Set up the tracing subscriber so we can log client messages.
     let log_prefix = format!("iamb-log-{}", settings.profile_name);
     let log_dir = settings.dirs.logs.as_path();