From e0392a04462888661d4d350818e378b7df2c8fd1 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Tue, 27 Aug 2024 16:09:23 -0400
Subject: Change script permissions: 0700

---
 src/system.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/system.c')

diff --git a/src/system.c b/src/system.c
index 36500d2..a564769 100644
--- a/src/system.c
+++ b/src/system.c
@@ -30,7 +30,11 @@ int shell(struct Process *proc, char *args) {
     fprintf(tp, "#!/bin/bash\n%s\n", args);
     fflush(tp);
     fclose(tp);
-    chmod(t_name, 0755);
+
+    // Set the script's permissions so that only the calling user can use it
+    // This should help prevent eavesdropping if keys are applied in plain-text
+    // somewhere.
+    chmod(t_name, 0700);
 
     pid = fork();
     if (pid == -1) {
@@ -155,4 +159,4 @@ char *shell_output(const char *command, int *status) {
     }
     *status = pclose(pp);
     return result;
-}
\ No newline at end of file
+}
-- 
cgit