-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Enforce file mode and ownership for replaced files.
Signed-off-by: Ben Grande <ben.grand...@gmail.com>
- ---
qrexec/policy/admin.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py
index da5bd9f..5f80070 100644
- --- a/qrexec/policy/admin.py
+++ b/qrexec/policy/admin.py
@@ -19,6 +19,8 @@
from typing import Optional
from pathlib import Path
+from pwd import getpwnam
+from grp import getgrnam
import contextlib
import fcntl
import os
@@ -201,6 +203,10 @@ class PolicyAdmin:
temp_path = path.with_name(RENAME_PREFIX + path.name)
temp_path.write_bytes(data)
+ temp_path.chmod(0o664)
+ uid = getpwnam("root").pw_uid
+ gid = getgrnam("qubes").gr_gid
+ os.chown(temp_path, uid, gid)
temp_path.rename(path)
# Remove
- --
Benjamin Grande <ben.grand...@gmail.com>
-----BEGIN PGP SIGNATURE-----
iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHMh0l8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5
NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW
h9FEAP0aSKtG3Oj72+/BgRwrLkXSROzNzCsWKeYYGkyDenXzDgEAzXey2JZVfztn
FGyruOXoy5RCQvUsqgcfzjKq4US/+g8=
=gaed
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/ZHMh0fQxcKHG70gP%40personal-mutt.
