From afce1ee1eb4035787d367c93e975a249d42afd88 Mon Sep 17 00:00:00 2001
From: Leonardo Taccari <iamleot@gmail.com>
Date: Mon, 29 Jul 2019 12:58:45 +0200
Subject: [PATCH] Avoid possible sensitive information disclosure via
 cache.file

Previously cache.file could be created world readable leading to
possible sensitive information disclosure on multi-user systems.
Restrict permissions only to the owner by creating an empty file.

Please note that cache.file created before this commit may need a
`chmod 600' or similar!
---
 gallery_dl/cache.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gallery_dl/cache.py b/gallery_dl/cache.py
index e6ba61a1..45db2875 100644
--- a/gallery_dl/cache.py
+++ b/gallery_dl/cache.py
@@ -9,6 +9,7 @@
 """Decorators to keep function results in an in-memory and database cache"""
 
 import sqlite3
+import pathlib
 import pickle
 import time
 import functools
@@ -198,7 +199,9 @@ def _path():
 
 
 try:
+    dbfile = _path()
+    pathlib.Path(dbfile).touch(mode=0o600)
     DatabaseCacheDecorator.db = sqlite3.connect(
-        _path(), timeout=30, check_same_thread=False)
-except (TypeError, sqlite3.OperationalError):
+        dbfile, timeout=30, check_same_thread=False)
+except (PermissionError, TypeError, sqlite3.OperationalError):
     cache = memcache  # noqa: F811