[ https://issues.apache.org/jira/browse/LIBCLOUD-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Johnson resolved LIBCLOUD-718. ----------------------------------- Resolution: Fixed Assignee: Eric Johnson > gce_libcloud_auth credentials file world-readable > ------------------------------------------------- > > Key: LIBCLOUD-718 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-718 > Project: Libcloud > Issue Type: Bug > Components: Core > Reporter: Siim Põder > Assignee: Eric Johnson > > I noticed a suspicious-looking world-readable file on a VM that talks to > Google Compute Engine API via libcloud: > {noformat} > -rw-r--r-- 1 root root 164 Jun 27 21:21 > .gce_libcloud_auth.wargame-engine > {noformat} > It contains a "Bearer" access token so presumably should not be readable by > other users on a shared system. I suspect this (untested) patch might maybe > fix this in git head: > {noformat} > diff --git a/libcloud/common/google.py b/libcloud/common/google.py > index 694cf93..7a658c8 100644 > --- a/libcloud/common/google.py > +++ b/libcloud/common/google.py > @@ -715,7 +715,7 @@ class GoogleBaseConnection(ConnectionUserAndKey, > PollingConnection): > """ > filename = os.path.realpath(os.path.expanduser(self.credential_file)) > data = json.dumps(self.token_info) > - with open(filename, 'w') as f: > + with os.open(filename, os.O_WRONLY, 0o600) as f: > f.write(data) > > def has_completed(self, response): > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)