#2 centos-cert: safer permission handling for .centos.cert
Merged a year ago by bstinson. Opened a year ago by ktdreyer.
centos/ ktdreyer/centos-packager secure-certfile  into  master

file modified
+7 -3

@@ -39,7 +39,13 @@ 

      userurl = urlparse.urlunsplit(userspliturl)

      servercaurl = urlparse.urlunsplit(servercaspliturl)

  

-     with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:

+     certfile = os.path.expanduser(defaults.USER_CERT_FILE)

+     if os.path.exists(certfile):

+         # Delete file in case we are changing its mode

+         os.unlink(certfile)

+     flags = os.O_WRONLY | os.O_CREAT

+     mode = 0o600

+     with os.fdopen(os.open(certfile, flags, mode), 'w') as usercertfile:

          r = requests.post(userurl, params=params)

          try:

              r.raise_for_status()

@@ -72,8 +78,6 @@ 

      os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),

                 os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))

  

-     os.chmod(os.path.expanduser(defaults.USER_CERT_FILE), 0o600)

- 

  

  def main(opts):

  

Prior to this change, there was a small window of time where the .centos.cert file would be stored with the default umask (eg. 0644 on Fedora). This occurs between the time we close the file and the time we chown it.

Open the file handle with the 0600 permissions immediately, so the file is never world-readable.

rebased onto ac981c9

a year ago

rebased onto ac981c9

a year ago

Pull-Request has been merged by bstinson

a year ago
Metadata