From ea3f441130ed3e8e5b494b08296f138cd9518ee3 Mon Sep 17 00:00:00 2001 From: "Bryn M. Reeves" Date: Mon, 10 Jun 2013 17:38:22 +0100 Subject: Set umask when creating final archive file The temporary trees used by sos are set up with correct permissions but tarfile.open() uses the default mode and umask settings. Set the umask to deny group and other permissions for the archive to avoid leaking data to unprivileged users. Signed-off-by: Bryn M. Reeves --- sos/archive.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sos/archive.py b/sos/archive.py index 3fbd7bf8..807c0431 100644 --- a/sos/archive.py +++ b/sos/archive.py @@ -215,10 +215,12 @@ class TarFileArchive(FileCacheArchive): def _build_archive(self): old_pwd = os.getcwd() + old_umask = os.umask(0077) os.chdir(self._tmp_dir) tar = tarfile.open(self._archive_path, mode="w") tar.add(os.path.split(self._name)[1], filter=self.copy_permissions_filter) tar.close() + os.umask(old_umask) os.chdir(old_pwd) def _compress(self): -- cgit