logs: Set umode to a more restrictive value

When TL first creates the log folder, let only the user read the log files, should the admin override that subsequently we'll simply warn about it but respect the decision. Meaning we have private by default, but this can be overriden
2021-11-23 19:48:59 +01:00 · 2021-11-23 19:48:59 +01:00 · 0ff9703a28
commit 0ff9703a28
parent dc3a387120
1 changed files with 28 additions and 0 deletions
--- a/src/helper.js
+++ b/src/helper.js
@ -158,6 +158,34 @@ function setHome(newPath) {
 	// Load theme color from the web manifest
 	const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
 	this.config.themeColor = manifest.theme_color;
+
+	// log dir probably shouldn't be world accessible.
+	// Create it with the desired permission bits if it doesn't exist yet.
+	let logsStat = undefined;
+
+	try {
+		logsStat = fs.statSync(userLogsPath);
+	} catch {
+		// ignored on purpose, node v14.17.0 will give us {throwIfNoEntry: false}
+	}
+
+	if (!logsStat) {
+		try {
+			fs.mkdirSync(userLogsPath, {recursive: true, mode: 0o750});
+		} catch (e) {
+			log.error("Unable to create logs directory", e);
+		}
+	} else if (logsStat && logsStat.mode & 0o001) {
+		log.warn(
+			"contents of",
+			userLogsPath,
+			"can be accessed by any user, the log files may be exposed"
+		);
+
+		if (os.platform() !== "win32") {
+			log.warn(`run \`chmod o-x ${userLogsPath}\` to correct it`);
+		}
+	}
 }

 function getHomePath() {