From bad71f95ceb1f26e7913e656059cb0768c9d9258 Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Sun, 13 Apr 2025 14:40:52 -0400
Subject: [PATCH] use 0600 for auto unzip file permissions prevent executing for safety and only allow user to have access
---
 Changelog.md | 1 +
 src/Picocrypt.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index d6dba27..1f6d76d 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -9,6 +9,7 @@
  • ✓ Encrypt previously unencrypted temporary zip files
  • ✓ Add `.incomplete` to filenames while work is in progress
  • ✓ Use `encrypted-*.zip.pcv` output name instead of `Encrypted.zip.pcv`
  • +
  • ✓ Use 0600 permissions when auto unzipping for optimal security
  • # v1.47 (Released 02/19/2025)
diff --git a/src/Picocrypt.go b/src/Picocrypt.go
index a9b97c0..d6a3e8d 100644
--- a/src/Picocrypt.go
+++ b/src/Picocrypt.go
@@ -2502,7 +2502,7 @@ func unpackArchive(zipPath string) error {
 outPath := filepath.Join(extractDir, f.Name)
 // Otherwise create necessary parent directories
- if err := os.MkdirAll(filepath.Dir(outPath), 0755); err != nil {
+ if err := os.MkdirAll(filepath.Dir(outPath), 0600); err != nil {
 return err
 }
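Review bot: The new mode in `os.MkdirAll(filepath.Dir(outPath), 0600)` is applied to directories, not to the extracted files, and a directory without the owner execute (search) bit cannot be entered, so on Unix-like systems creating a nested parent or writing the file into the new directory would be expected to fail with a permission error for a non-root user. For owner-only directories the mode should be `os.MkdirAll(filepath.Dir(outPath), 0700)`; the 0600 the commit message describes belongs on the call that creates the output file, which is outside this hunk. A short comment such as `// 0700: owner-only; directories need the search bit to be usable` would keep the two modes from being conflated again. unpackArchive starts and continues outside the hunk, so whether f.Name is confined to extractDir before this Join cannot be confirmed from here.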