commit 069f9468cb4575f30dae6bba25bd57feca08a64a
parent 682ad5b6fa6177f2e8c51a7c7e3f8dc85c1b64b9
Author: St John Karp <contact@stjo.hn>
Date: Tue, 31 May 2022 09:21:56 -0400
Set restrictive permissions on the temp file just in case
Since the temp file can be left dangling (unpreventably, as far as
I'm aware), we should at least set its permissions to be as restrictive
as possible.
Diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/balrog b/balrog
@@ -68,12 +68,13 @@ while [ -n "$ACTION" ] ; do
# Create the path.
mkdir -p "${KEY_FILE%/*}"
- # Decrypt to a temporary file, allow the user to edit it,
- # then re-encrypt and delete the temp file.
+ # Decrypt to a temporary file.
+ # Set restrictive permissions on the tmp file just in case.
[ -f "$KEY_FILE" ] &&
- gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE"
+ gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE" &&
+ chmod 600 "$TMP_FILE"
- # Allow the user to edit a temporary file,
+ # Allow the user to edit the temporary file,
# then encrypt it and delete the temp file.
"${EDITOR:-vi}" "$TMP_FILE"