From dffcf83bead64e959505d64ad587768647caab3a Mon Sep 17 00:00:00 2001
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Date: Thu, 28 May 2020 19:53:04 +0530
Subject: [PATCH] saveconfig: open the temp configfile with modes set

Fixes: #161
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
---
 rtslib/root.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/rtslib/root.py b/rtslib/root.py
index afe1a53..a101edd 100644
--- a/rtslib/root.py
+++ b/rtslib/root.py
@@ -461,8 +461,25 @@ class RTSRoot(CFSNode):
 
         tmp_file = save_file + ".temp"
 
-        with open(tmp_file, "w+") as f:
-            os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)
+        mode = stat.S_IRUSR | stat.S_IWUSR  # 0o600
+        umask = 0o777 ^ mode  # Prevents always downgrading umask to 0
+
+        # For security, remove file with potentially elevated mode
+        try:
+            os.remove(tmp_file)
+        except OSError:
+            pass
+
+        umask_original = os.umask(umask)
+        # Even though the old file is first deleted, a race condition is still
+        # possible. Including os.O_EXCL with os.O_CREAT in the flags will
+        # prevent the file from being created if it exists due to a race
+        try:
+            fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
+        finally:
+            os.umask(umask_original)
+
+        with os.fdopen(fdesc, 'w+') as f:
             f.write(json.dumps(saveconf, sort_keys=True, indent=2))
             f.write("\n")
             f.flush()
-- 
1.8.3.1