balrog

A partial drop-in replacement for pass and pass-otp written in POSIX shell.
git clone https://git.stjo.hn/balrog

commit 069f9468cb4575f30dae6bba25bd57feca08a64a
parent 682ad5b6fa6177f2e8c51a7c7e3f8dc85c1b64b9
Author: St John Karp <contact@stjo.hn>
Date:   Tue, 31 May 2022 09:21:56 -0400

Set restrictive permissions on the temp file just in case

Since the temp file can be left dangling (unpreventably, as far as
I'm aware), we should at least set its permissions to be as restrictive
as possible.

Diffstat:
M balrog | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/balrog b/balrog @@ -68,12 +68,13 @@ while [ -n "$ACTION" ] ; do # Create the path. mkdir -p "${KEY_FILE%/*}" - # Decrypt to a temporary file, allow the user to edit it, - # then re-encrypt and delete the temp file. + # Decrypt to a temporary file. + # Set restrictive permissions on the tmp file just in case. [ -f "$KEY_FILE" ] && - gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE" + gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE" && + chmod 600 "$TMP_FILE" - # Allow the user to edit a temporary file, + # Allow the user to edit the temporary file, # then encrypt it and delete the temp file. "${EDITOR:-vi}" "$TMP_FILE"
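Review bot: The `chmod 600 "$TMP_FILE"` runs only after `gpg2 --decrypt` has finished writing the plaintext, and only when `[ -f "$KEY_FILE" ]` succeeds, so two cases stay uncovered. While gpg2 is writing, the file has whatever mode gpg2 and the current umask give it. For a new entry with no existing `$KEY_FILE`, the whole `&&` chain is skipped and the editor creates the temp file with default permissions. Setting `umask 077` before this block (or creating the file empty and running chmod on it before decrypting) would cover both paths, and the chmod could then stay as a second layer. The new comment could also say that the mode is applied after decryption, so the ordering is obvious to the next reader.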