ovs-bugtool's output is potentially sensitive, so it seems best not to
allow anyone but the owner to read it. This commit disables "group" and
"other" bits in the Unix ACL.
---
utilities/ovs-bugtool | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/utilities/ovs-bugtool b/utilities/ovs-bugtool
index 4f0038e..f5fdb00 100755
--- a/utilities/ovs-bugtool
+++ b/utilities/ovs-bugtool
@@ -898,7 +898,9 @@ def make_tar(subdir, suffix, output_fd, output_file):
filename = "%s/%s.%s" % (BUG_DIR, subdir, suffix)
else:
filename = output_file
+ old_umask = os.umask(0077)
tf = tarfile.open(filename, mode)
+ os.umask(old_umask)
else:
tf = tarfile.open(None, 'w', os.fdopen(output_fd, 'a'))
@@ -939,7 +941,10 @@ def make_zip(subdir, output_file):
filename = "%s/%s.zip" % (BUG_DIR, subdir)
else:
filename = output_file
+
+ old_umask = os.umask(0077)
zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)
+ os.umask(old_umask)
try:
for (k, v) in data.items():
--
1.7.4.4
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
