From 65eb6c905a3d91766d2bef398210cbd5eb0d9cdd Mon Sep 17 00:00:00 2001
From: Oscar Linderholm <osm@recv.se>
Date: Thu, 4 Apr 2019 20:25:21 +0200
Subject: [PATCH] Only allow owner read/write to credentials.toml

---
 src/main.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 430a614..b75bfcf 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -115,11 +115,21 @@ fn main() {
 
     let credentials: Credentials = {
         let path = config::config_path("credentials.toml");
-        ::config::load_or_generate_default(path, authentication::create_credentials, true)
+        let creds =
+            ::config::load_or_generate_default(&path, authentication::create_credentials, true)
+                .unwrap_or_else(|e| {
+                    eprintln!("{}", e);
+                    process::exit(1);
+                });
+
+        #[cfg(target_family = "unix")]
+        std::fs::set_permissions(path, std::os::unix::fs::PermissionsExt::from_mode(0o600))
             .unwrap_or_else(|e| {
                 eprintln!("{}", e);
                 process::exit(1);
-            })
+            });
+
+        creds
     };
 
     let theme = theme::load(&cfg);