authorEllie Huxtable <ellie@elliehuxtable.com>2024-01-12 18:52:39 +0000
committerGitHub <noreply@github.com>2024-01-12 18:52:39 +0000
commit4d41a741f0a47904a75db2981f5295732f7549c5 (patch)
tree45f2653c01b3cb8152b293dbee0e197b54b6abac
parent99249ea319fca96ace8f3f4962534dc7a4bc5923 (diff)
fix(perm): set umask 077 (#1554)
This ensures no other user can read shell history data. Resolves #1250.
-rw-r--r--Cargo.lock1
-rw-r--r--Cargo.toml1
-rw-r--r--atuin/Cargo.toml1
-rw-r--r--atuin/src/command/mod.rs7
4 files changed, 10 insertions, 0 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 368c8687..94b9386d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -191,6 +191,7 @@ dependencies = [
"ratatui",
"rpassword",
"runtime-format",
+ "rustix",
"semver",
"serde",
"serde_json",
diff --git a/Cargo.toml b/Cargo.toml
index 9aa03831..9dd12204 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,6 +44,7 @@ whoami = "1.1.2"
typed-builder = "0.18.0"
pretty_assertions = "1.3.0"
thiserror = "1.0"
+rustix = {version = "0.38.28", features=["process", "fs"]}
[workspace.dependencies.reqwest]
version = "0.11"
diff --git a/atuin/Cargo.toml b/atuin/Cargo.toml
index 95ad677d..bd7234d9 100644
--- a/atuin/Cargo.toml
+++ b/atuin/Cargo.toml
@@ -65,6 +65,7 @@ fs-err = { workspace = true }
whoami = { workspace = true }
rpassword = "7.0"
semver = { workspace = true }
+rustix = { workspace = true }
runtime-format = "0.1.3"
tiny-bip39 = "1"
futures-util = "0.3"
diff --git a/atuin/src/command/mod.rs b/atuin/src/command/mod.rs
index bcd209d6..c76030bd 100644
--- a/atuin/src/command/mod.rs
+++ b/atuin/src/command/mod.rs
@@ -2,6 +2,8 @@ use clap::{CommandFactory, Subcommand};
use clap_complete::{generate, generate_to, Shell};
use eyre::Result;
+use rustix::{fs::Mode, process::umask};
+
#[cfg(feature = "client")]
mod client;
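Review bot: The `use rustix::{fs::Mode, process::umask};` import is unconditional, and as far as I know rustix provides its `fs` and `process` modules only on Unix-like targets, so a Windows build of this crate would presumably fail to compile here. If Windows is a supported target, gate both this import and the call in `run` (second hunk), e.g. `#[cfg(unix)] use rustix::{fs::Mode, process::umask};`. On a target where the gate compiles the call out, new files get no umask protection, so access to the history data would have to be restricted by another mechanism there.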
@@ -46,6 +48,11 @@ pub enum AtuinCmd {
impl AtuinCmd {
pub fn run(self) -> Result<()> {
+ // set umask before we potentially open/create files
+ // or in other words, 077. Do not allow any access to any other user
+ let mode = Mode::RWXG | Mode::RWXO;
+ umask(mode);
+
match self {
#[cfg(feature = "client")]
Self::Client(client) => client.run(),
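Review bot: The `umask(mode)` call at the top of `run` only masks files created after it, so history data that an earlier version already wrote with group or other read bits stays readable; the commit message's guarantee holds for new files only. Existing files would need their mode tightened explicitly where they are opened, for example `std::fs::set_permissions(path, Permissions::from_mode(0o600))` on Unix. The mask also applies to every subcommand dispatched by the `match`, which presumably includes the completion files written via `generate_to`, so those would come out owner-only as well; confirm that is intended. The comment would read better as `// Set umask 077 before any file is opened or created, so new files get no group/other access.` The body of `run` continues past the end of this hunk.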