edward/cloudflare-ddns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Better rwx checks

Browse source
This commit is contained in:
Edward Shen 2023-07-28 02:04:51 -07:00
parent f138148581
commit 514f83f90c
Signed by: edward
GPG key ID: 0A400FFE10097C30
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/main.rs
View file

@ -528,13 +528,25 @@ fn load_config_from_path<P: AsRef<Path>>(path: P) -> Option<Config> {
// mode is a u32, but only the bottom 9 bits represent the
// permissions. Mask and keep the bits we care about.
let current_mode = metadata.permissions().mode() & 0o777;
if current_mode != 0o600 {
debug!(found = format!("{current_mode:o}"), "Metadata bits");
// Check if it's readable by others
if (current_mode & 0o077) > 0 {
warn!(
found = format!("{current_mode:o}"),
expected = "600",
"File permissions too broad! Your GLOBAL Cloudflare API key is accessible to all users on the system!"
);
}
// Check if executable bit is set
if (current_mode & 0o100) != 0 {
warn!(
found = format!("{current_mode:o}"),
expected = "600",
"Config file has executable bit set"
);
}
}
Err(e) => {
warn!("Failed to read metadata for file: {e}");