Should we be checking directory and file permissions?
In tor, we make sure that the permissions and ownership of our data directory, and of its parents (recursively), don't allow non-root users other than ourselves to read or write our files. This prevents accidentally starting tor with (say) your private keys in a directory that an attacker can chmod.
Should we do something similar in arti? (If so, we should provide a way to loosen the restrictions for users who need group-readable installations and the like.)
Places to look for stuff to put in a checklist:
- safe_path() in openssh-portable
- check_permissions() in gnupg
- check_private_dir() in the C tor implementation.
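As an added sketch of what such a check could look like in Rust (not arti code, and not a port of tor's check_private_dir), assuming the policy that the data directory itself must be 0700 (or 0750 for the loosened group-readable mode), every ancestor must not be writable by group or other, and every component must be owned by us or by root:

```rust
use std::io;
use std::os::unix::fs::MetadataExt;
use std::path::Path;

/// How strict to be about the data directory itself.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Strictness {
    /// Only the owner may read, write or traverse: no group/other bits at all.
    Private,
    /// Loosened for group-readable installs: group may read/traverse,
    /// but nobody except the owner may write.
    GroupReadable,
}

/// Mode bits that must be clear on the data directory under each policy.
fn forbidden_bits(strict: Strictness) -> u32 {
    match strict {
        Strictness::Private => 0o077,
        Strictness::GroupReadable => 0o027,
    }
}

/// Check one path component. `uid` and `mode` come from stat(2); `me` is the
/// uid we run as; `forbidden` are the permission bits that must be clear.
/// Root ownership is accepted because the top-level directories are root's.
pub fn check_component(uid: u32, mode: u32, me: u32, forbidden: u32) -> Result<(), String> {
    if uid != me && uid != 0 {
        return Err(format!("owned by uid {uid}, expected {me} or root"));
    }
    let bad = mode & 0o777 & forbidden;
    if bad != 0 {
        return Err(format!("mode {:04o} has forbidden bits {bad:04o}", mode & 0o777));
    }
    Ok(())
}

/// Walk the data directory and every ancestor (assumed policy: the directory
/// itself gets the requested strictness; ancestors only need to be unwritable
/// by group and other, since write access to a parent lets the directory be
/// renamed away and replaced). Symlinks are resolved first so the real path is
/// what gets checked. Returns one message per problem found; empty means OK.
pub fn check_private_dir(dir: &Path, me: u32, strict: Strictness) -> io::Result<Vec<String>> {
    let real = dir.canonicalize()?;
    let mut problems = Vec::new();
    for (depth, p) in real.ancestors().enumerate() {
        let md = std::fs::metadata(p)?;
        let forbidden = if depth == 0 { forbidden_bits(strict) } else { 0o022 };
        if let Err(e) = check_component(md.uid(), md.mode(), me, forbidden) {
            problems.push(format!("{}: {e}", p.display()));
        }
    }
    Ok(problems)
}
```

The caller supplies its own effective uid; a sticky-bit exception for directories like /tmp is deliberately not made here, matching the conservative behaviour of openssh's safe_path.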
Edited by Nick Mathewson