revi-archive/phorge-arcanist
1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-09-20 00:49:11 +02:00
Code Issues Releases Wiki Activity

Verify that ~/.arcrc is 600 before reading from it

Browse source 
Summary:
Since this has auth information in it now, we should prevent other users on the
system from reading it. Detect readable files and prompt the user to fix them.

Test Plan:
Did "o+r" on my ~/.arcrc, ran "arc list", got prompted, hit "Y", verified it set
perms to 600, ran "arc list" again and wasn't prompted.

Reviewed By: jungejason
Reviewers: fratrik, jungejason, aran, tuomaspelkonen
CC: aran, jungejason, epriestley
Differential Revision: 532
This commit is contained in:
epriestley 2011-06-26 11:09:13 -07:00
parent 18e34d06bc
commit 182e260472
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/workflow/base/ArcanistBaseWorkflow.php
View file

@ -645,6 +645,20 @@ class ArcanistBaseWorkflow {
$user_config = array();
$user_config_path = self::getUserConfigurationFileLocation();
if (Filesystem::pathExists($user_config_path)) {
$mode = fileperms($user_config_path);
if (!$mode) {
throw new Exception("Unable to get perms of '{$user_config_path}'!");
}
if ($mode & 0177) {
// Mode should allow only owner access.
$prompt = "File permissions on your ~/.arcrc are too open. ".
"Fix them by chmod'ing to 600?";
if (!phutil_console_confirm($prompt, $default_no = false)) {
throw new ArcanistUsageException("Set ~/.arcrc to file mode 600.");
}
execx('chmod 600 %s', $user_config_path);
}
$user_config_data = Filesystem::readFile($user_config_path);
$user_config = json_decode($user_config_data, true);
if (!is_array($user_config)) {