Allow stricter permissions but not looser; change default permissions…
… to 0400
SBell6hf committed Jan 14, 2022
1 parent fda01db commit b07315c
Showing 2 changed files with 4 additions and 4 deletions.
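--- a/depot/depot.go
+++ b/depot/depot.go
@@ -113,8 +113,8 @@ func (d *FileDepot) check(tag *Tag) error {
 if err != nil {
 return err
 }
-if ^fi.Mode()&tag.perm != 0 {
-return errors.New("permission denied")
+if fi.Mode()&^tag.perm != 0 {
+return errors.New("unprotected key file `" + tag.name + "': file permissions too open")
 }
 return nil
 }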
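Review bot: The new test `fi.Mode()&^tag.perm != 0` compares the whole mode word rather than only the permission bits, so any type or special bit outside `tag.perm` (directory, setuid, sticky) is reported as "file permissions too open". Assuming `fi` is an `os.FileInfo`, mask first: `if fi.Mode().Perm()&^tag.perm != 0 {`. On platforms where Go synthesises the permission bits (Windows typically reports 0666 or 0444), a comparison against 0400 would reject every file, so a platform guard or at least a comment is needed there. The message also says "key file" although check() is called with any tag, certificates included as far as this page shows. The start of check() lies outside the hunk.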
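--- a/depot/pkix.go
+++ b/depot/pkix.go
@@ -31,8 +31,8 @@ const (
 )
 
 const (
-BranchPerm = 0440
-LeafPerm = 0444
+BranchPerm = 0400
+LeafPerm = 0400
 )
 
 // CrtTag returns a tag corresponding to a certificate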
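Review bot: `BranchPerm` and `LeafPerm` have no comment saying what they protect, and after this commit they act as an upper bound for the depot check rather than a minimum. Files written by earlier versions with 0440 or 0444 would presumably now be rejected as too open, so the upgrade path (a manual `chmod 0400`, or tightening on load) should be documented in the release notes or next to the constants. Suggested comment above the block: `// BranchPerm and LeafPerm are the most permissive modes accepted for depot files; stricter modes pass, looser ones are rejected.`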
