From 3da9835a17742ed5080d446096682c86a96b0655 Mon Sep 17 00:00:00 2001
From: Ulyssa <git@ulyssa.dev>
Date: Fri, 7 Jul 2023 20:34:52 -0700
Subject: [PATCH] Profile session token should only be readable by the user
 (#130)

---
 Cargo.lock  | 1 +
 Cargo.toml  | 1 +
 src/main.rs | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/Cargo.lock b/Cargo.lock
index b333862..0e0713b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1527,6 +1527,7 @@ dependencies = [
  "html5ever",
  "image",
  "lazy_static 1.4.0",
+ "libc",
  "mandown",
  "markup5ever_rcdom",
  "matrix-sdk",
diff --git a/Cargo.toml b/Cargo.toml
index fc941da..1fbb7c4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,6 +35,7 @@ futures = "0.3"
 gethostname = "0.4.1"
 html5ever = "0.26.0"
 image = "0.24.5"
+libc = "0.2"
 markup5ever_rcdom = "0.2.0"
 mime = "^0.3.16"
 mime_guess = "^2.0.4"
diff --git a/src/main.rs b/src/main.rs
index 6bb97fb..762209c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -694,6 +694,12 @@ fn main() -> IambResult<()> {
     // Load configuration and set up the Matrix SDK.
     let settings = ApplicationSettings::load(iamb).unwrap_or_else(print_exit);
 
+    // Set umask on Unix platforms so that tokens, keys, etc. are only readable by the user.
+    #[cfg(unix)]
+    unsafe {
+        libc::umask(0o077);
+    };
+
     // Set up the tracing subscriber so we can log client messages.
     let log_prefix = format!("iamb-log-{}", settings.profile_name);
     let log_dir = settings.dirs.logs.as_path();