From dffcf83bead64e959505d64ad587768647caab3a Mon Sep 17 00:00:00 2001
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Date: Thu, 28 May 2020 19:53:04 +0530
Subject: [PATCH] saveconfig: open the temp configfile with modes set
Fixes: #161
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
---
rtslib/root.py | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/rtslib/root.py b/rtslib/root.py
index afe1a53..a101edd 100644
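--- a/rtslib/root.py
+++ b/rtslib/root.py
@@ -461,8 +461,25 @@ class RTSRoot(CFSNode):
 
 tmp_file = save_file + ".temp"
 
- with open(tmp_file, "w+") as f:
- os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)
+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
+
+ # For security, remove file with potentially elevated mode
+ try:
+ os.remove(tmp_file)
+ except OSError:
+ pass
+
+ umask_original = os.umask(umask)
+ # Even though the old file is first deleted, a race condition is still
+ # possible. Including os.O_EXCL with os.O_CREAT in the flags will
+ # prevent the file from being created if it exists due to a race
+ try:
+ fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
+ finally:
+ os.umask(umask_original)
+
+ with os.fdopen(fdesc, 'w+') as f:
 f.write(json.dumps(saveconf, sort_keys=True, indent=2))
 f.write("\n")
 f.flush()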
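Review bot: The `os.umask(umask)` / `os.umask(umask_original)` pair around `os.open` changes a process-wide setting, so any other thread in the calling process that creates a file in that window inherits the 0o177 mask, and it adds nothing to confidentiality: with `mode` already 0o600 the umask can only clear permission bits, never add them. I would drop the umask swap and, if exactly 0o600 is required even under an unusual umask, call `os.fchmod(fdesc, mode)` right after the open. Separately, the descriptor is opened with `os.O_WRONLY` but wrapped with `os.fdopen(fdesc, 'w+')`; `'w'` matches what the descriptor actually allows. The `except OSError: pass` on `os.remove` is fail-closed only because `O_EXCL` then refuses an existing path, which deserves a comment such as `# if removal failed, O_EXCL below makes os.open raise rather than reuse the file`. The enclosing method starts outside this hunk and the `with` body continues past it.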
--
1.8.3.1