From a3079f5eda61a24d5ac861ad53cc85b6626ecefe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juhani=20Krekel=C3=A4?=
Date: Fri, 9 Apr 2021 23:08:22 +0300
Subject: [PATCH] Warn is passphrase file is world-readable
---
 puer.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/puer.c b/puer.c
index e10c69a..4aee633 100644
--- a/puer.c
+++ b/puer.c
@@ -546,6 +546,17 @@ ssize_t passphrase_prompt(unsigned char *passphrase, size_t size, const char *pr
 ssize_t passphrase_file(char *passfilepath, unsigned char passphrase[], size_t size)
 {
 int file = open(passfilepath, O_RDONLY);
+ // Check permissions
+ struct stat statbuf;
+ if (fstat(file, &statbuf) != 0) {
+ perror("Could not stat passphrase file");
+ close(file);
+ return -1;
+ }
+ if (statbuf.st_mode & S_IROTH) {
+ fprintf(stderr, "Warning: Passphrase file is world-readable\n");
+ }
+
 // Read until newline
 size_t index = 0;
 for (;;) {
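Review bot: The added fstat() runs on the descriptor returned by `open(passfilepath, O_RDONLY)` before anything checks that the open succeeded, so a missing or unreadable file is reported as a stat failure on a bad descriptor and is followed by `close(-1)`; a guard such as `if (file < 0) { perror("Could not open passphrase file"); return -1; }` placed ahead of the fstat() would keep the real errno. The permission test looks only at `S_IROTH`, so a group-readable passphrase file passes without a warning; `statbuf.st_mode & (S_IRGRP | S_IROTH)` would cover both, with the message text adjusted to match. Using fstat() on the already-open descriptor instead of stat() on the path is worth keeping, since it inspects the same file that is then read. The body of passphrase_file continues past the end of the hunk.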