diff options
| author | Bryn M. Reeves <bmr@redhat.com> | 2013-06-10 17:38:22 +0100 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2013-06-10 17:38:22 +0100 |
| commit | ea3f441130ed3e8e5b494b08296f138cd9518ee3 (patch) | |
| tree | 8a584c4dc540206c301917771cc5752eec150410 | |
| parent | 6a10d87299b6575c8786775002858db6042a7572 (diff) | |
| download | sos-ea3f441130ed3e8e5b494b08296f138cd9518ee3.tar.gz | |
Set umask when creating final archive file
The temporary trees used by sos are set up with correct
permissions but tarfile.open() uses the default mode and umask
settings.
Set the umask to deny group and other permissions for the archive
to avoid leaking data to unprivileged users.
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
| -rw-r--r-- | sos/archive.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sos/archive.py b/sos/archive.py index 3fbd7bf8..807c0431 100644 --- a/sos/archive.py +++ b/sos/archive.py @@ -215,10 +215,12 @@ class TarFileArchive(FileCacheArchive): def _build_archive(self): old_pwd = os.getcwd() + old_umask = os.umask(0077) os.chdir(self._tmp_dir) tar = tarfile.open(self._archive_path, mode="w") tar.add(os.path.split(self._name)[1], filter=self.copy_permissions_filter) tar.close() + os.umask(old_umask) os.chdir(old_pwd) def _compress(self): |