From f225d0aa7fbc782e04e1965bc9edd07ed26b93c3 Mon Sep 17 00:00:00 2001 From: Scott Chacon Date: Wed, 4 Oct 2023 13:59:50 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix:=20set=20user-only=20permiss?= =?UTF-8?q?ions=20for=20private=20key=20file=20in=20Storage::write=5Ffile?= =?UTF-8?q?=20method?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/tauri/src/keys/storage.rs | 10 ++++++++++ packages/tauri/src/storage.rs | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/packages/tauri/src/keys/storage.rs b/packages/tauri/src/keys/storage.rs index 0230ee973..aa14fce72 100644 --- a/packages/tauri/src/keys/storage.rs +++ b/packages/tauri/src/keys/storage.rs @@ -71,14 +71,24 @@ impl Storage { #[cfg(test)] mod tests { + use std::{fs, os::unix::prelude::PermissionsExt}; + use super::*; #[test] fn test_get_or_create() { let dir = tempfile::tempdir().unwrap(); let controller = Storage::from(&dir.path().to_path_buf()); + let once = controller.get_or_create().unwrap(); let twice = controller.get_or_create().unwrap(); assert_eq!(once, twice); + + // check permissions of the private key + let permissions = fs::metadata(dir.path().join("keys/ed25519")) + .unwrap() + .permissions(); + let perms = format!("{:o}", permissions.mode()); + assert_eq!(perms, "100600"); } } diff --git a/packages/tauri/src/storage.rs b/packages/tauri/src/storage.rs index 3674c70f1..6ac12d070 100644 --- a/packages/tauri/src/storage.rs +++ b/packages/tauri/src/storage.rs @@ -1,5 +1,6 @@ use std::{ fs, + os::unix::prelude::PermissionsExt, path::{self, Path, PathBuf}, sync::{Arc, RwLock}, }; @@ -65,6 +66,13 @@ impl Storage { fs::create_dir_all(dir).map_err(Error::IO)?; } fs::write(file_path.clone(), content).map_err(Error::IO)?; + + // Set the permissions to be user-only. + let metadata = fs::metadata(file_path.clone())?; + let mut permissions = metadata.permissions(); + permissions.set_mode(0o600); // User read/write + fs::set_permissions(file_path.clone(), permissions)?; + Ok(()) }