[network-manager-openvpn: 11/25] properties: fix permissions of imported certificates to be user-readable only
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn: 11/25] properties: fix permissions of imported certificates to be user-readable only
- Date: Tue, 9 Feb 2016 23:29:44 +0000 (UTC)
commit c8a3c83bba946e0512d5e2f785675ca26250f8e3
Author: Thomas Haller <thaller redhat com>
Date: Wed Feb 3 18:08:05 2016 +0100
properties: fix permissions of imported certificates to be user-readable only
properties/import-export.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index bdf0c3e..cc1f54c 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -633,6 +633,8 @@ inline_blob_mkdir_parents (const InlineBlobData *data, const char *filepath, cha
static gboolean
inline_blob_write_out (const InlineBlobData *data, GError **error)
{
+ mode_t saved_umask;
+
if (!_nmovpn_test_temp_path) {
gs_free char *err_msg = NULL;
@@ -649,6 +651,8 @@ inline_blob_write_out (const InlineBlobData *data, GError **error)
}
}
+ saved_umask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+
/* The file is written with the default umask. Whether that is safe enough
* to protect (potentally) private data or allows the openvpn service to
* access the file later on is left as exercise for the user. */
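Review bot: The context comment right below the added `umask (...)` call still says the file is written with the default umask and that protecting private data is left to the user, which contradicts the new code; it should be updated, for example to `/* Written with group/other read+write masked off so imported key material is only accessible by the owner. */`. Note also that umask() is process-wide, so any other thread that creates a file between this call and the restore gets the restrictive mask as well. If the write helper (its call lies outside this hunk) can be replaced by creating the file with an explicit 0600 mode, that avoids touching global state. The mask leaves the execute bits untouched, which is fine only if the file is created with a non-executable mode; that is not visible here.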
@@ -660,9 +664,11 @@ inline_blob_write_out (const InlineBlobData *data, GError **error)
data->token,
(long) data->token_start_line,
data->path);
+ umask (saved_umask);
return FALSE;
}
+ umask (saved_umask);
return TRUE;
}
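Review bot: `umask (saved_umask);` is repeated on both return paths, so a return added later between the set and the end of the function would leave the process running with the restrictive mask. Storing the outcome of the write call in a local `gboolean`, restoring the umask once immediately after it, and only then branching would keep the window as small as possible; the call itself is outside this hunk, so this is a suggestion on shape only. It is also worth confirming what happens when `data->path` already exists with wider permissions: whether the write replaces the file or reuses it decides if the new mask has any effect, and that is not visible here.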