ovs-bugtool's output is potentially sensitive, so it seems best not to
allow anyone but the owner to read it.  This commit disables "group" and
"other" bits in the Unix ACL.
---
 utilities/ovs-bugtool |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/utilities/ovs-bugtool b/utilities/ovs-bugtool
index 4f0038e..f5fdb00 100755
--- a/utilities/ovs-bugtool
+++ b/utilities/ovs-bugtool
@@ -898,7 +898,9 @@ def make_tar(subdir, suffix, output_fd, output_file):
             filename = "%s/%s.%s" % (BUG_DIR, subdir, suffix)
         else:
             filename = output_file
+        old_umask = os.umask(0077)
         tf = tarfile.open(filename, mode)
+        os.umask(old_umask)
     else:
         tf = tarfile.open(None, 'w', os.fdopen(output_fd, 'a'))
 
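Review bot: The umask set around `tarfile.open(filename, mode)` only takes effect when the call creates the file; if `filename` already exists (it can be the caller-supplied `output_file`), opening it for writing keeps its current mode, so the archive can still be group- or world-readable. Setting the mode explicitly right after the open, e.g. `os.chmod(filename, 0600)`, covers the pre-existing-file case; creating the file with `os.open()` and mode 0600 and passing it as `fileobj` would also avoid the short window before the chmod. The `zipfile.ZipFile(filename, 'w', ...)` call in make_zip has the same gap. The `output_fd` branch is untouched, so permissions there presumably depend on whoever opened the descriptor. make_tar's body starts and ends outside the hunk.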
@@ -939,7 +941,10 @@ def make_zip(subdir, output_file):
         filename = "%s/%s.zip" % (BUG_DIR, subdir)
     else:
         filename = output_file
+
+    old_umask = os.umask(0077)
     zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)
+    os.umask(old_umask)
 
     try:
         for (k, v) in data.items():
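Review bot: If `zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)` raises (an unwritable path or a missing directory, for example), `os.umask(old_umask)` is never reached and the process keeps umask 0077 for everything it creates afterwards. Restoring in a `finally` avoids that: put the open under `try:` and move the restore to `finally: os.umask(old_umask)`. The `tarfile.open(filename, mode)` call in make_tar has the same shape and would benefit from the same change. make_zip's body continues outside the hunk.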
-- 
1.7.4.4
