libcloud git commit: [google] Minor security improvement for storing cached GCE credentials

Fri, 18 Dec 2015 15:45:54 -0800 

Repository: libcloud
Updated Branches:
  refs/heads/trunk 66f161739 -> 59fec8e7a


[google] Minor security improvement for storing cached GCE credentials

Closes LIBCLOUD-718


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/59fec8e7
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/59fec8e7
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/59fec8e7

Branch: refs/heads/trunk
Commit: 59fec8e7a203ce95bca7a8b6c5c1744f4f718527
Parents: 66f1617
Author: Eric Johnson <erjoh...@google.com>
Authored: Fri Dec 18 23:43:17 2015 +0000
Committer: Eric Johnson <erjoh...@google.com>
Committed: Fri Dec 18 23:45:03 2015 +0000

----------------------------------------------------------------------
 CHANGES.rst               | 4 ++++
 libcloud/common/google.py | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/59fec8e7/CHANGES.rst
----------------------------------------------------------------------
diff --git a/CHANGES.rst b/CHANGES.rst
index 3084c38..b175664 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -30,6 +30,10 @@ General
 Compute
 ~~~~~~~
 
+- Minor security improvement for storing cached GCE credentials
+  (LIBCLOUD-718)
+  [Siim Põder]
+
 - Removed DreamHosts Compute Driver, DreamHosts users will now use the 
OpenStack Node driver since DreamHosts are OpenStack
   API compliant
   (GITHUB-655)

http://git-wip-us.apache.org/repos/asf/libcloud/blob/59fec8e7/libcloud/common/google.py
----------------------------------------------------------------------
diff --git a/libcloud/common/google.py b/libcloud/common/google.py
index e29451f..491d5af 100644
--- a/libcloud/common/google.py
+++ b/libcloud/common/google.py
@@ -826,5 +826,5 @@ class GoogleBaseConnection(ConnectionUserAndKey, 
PollingConnection):
         """
         filename = os.path.realpath(os.path.expanduser(self.credential_file))
         data = json.dumps(self.oauth2_token)
-        with open(filename, 'w') as f:
-            f.write(data)
+        f = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+        os.write(f, data)

Reply via email to