Function to save history as private file by default

[denisvm]

Add a function that guarantees no group nor world access when creating a new history file, but do not change the current file permission.

[OlliV]

That's quite POSIX specific.

[Sonophoto]

That is POSIX.

I don't understand why there is a restriction on setting the permissions of the file in your .profile or other shell configuration? There is supposed to be a umask for file creation in your shell setup...

umask 077 blocks user and group access to all of your new files. Fixing this leaves everything else the user is doing exposed since they did not fix the real problem: an incorrect umask.

[denisvm]

@Sonophoto actually it's a helper function to make sure that only the history file is created following only the user part of the creation mode mask. The idea is to not affect the files for the whole application of user. As they history files may contain sensitive information, it is a good practice to make sure that only the user will have access to it. And, yet, if the user wants, he could change it afterwards. That's the reason for not putting it in a global umask.

[Sonophoto]

Maybe it should be Redis that does this?
I understand your use case and you are correct that the Redis history should definitely be guarded. Hard to argue with that idea! ;-)

I could also understand that this could apply in general to CLIs, but I think it applies to everything in general that is creating any kind of configuration file or history file of any sort in the users space. umask in the .profile guards all configuration and history files from being created g+rwx, o+rwx

[denisvm]

@Sonophoto I've already submitted the patch for Redis anyways, didn't realize before that linenoise was from the same author.
Regarding the function, the idea was just abstract the 'private' history masking. I still think it might be useful for someone to have this abstraction available in the library.

[Sonophoto]

I think you are absolutely correct that redis should be security conscious, and I agree that the command history should never be world readable. Very important! and Thank You for your efforts :-)

[OlliV]

I don't like the idea of sacrificing portability just for this feature, at least it should be behind a #define. I'm pretty sure there is a lot of linenoise users who are not using a POSIX compatible libc.

[denisvm]

Hello @OlliV, I've added some validation to publish that function only on POSIX systems, so won't break other systems for now. Thanks :)

[antirez]

Hello, I applied a patch to resolve this bug, it uses POSIX system calls, but all linenoise assumes there is a POSIX environment, so... we are not decreasing portability AFAIK.