On Wed, Mar 30, 2011 at 04:27:06PM -0400, Chris Lumens wrote: > --- > pyanaconda/storage/__init__.py | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/pyanaconda/storage/__init__.py b/pyanaconda/storage/__init__.py > index 472627c..90bc2b0 100644 > --- a/pyanaconda/storage/__init__.py > +++ b/pyanaconda/storage/__init__.py > @@ -2239,6 +2239,7 @@ class FSSet(object): > crypttab_path = os.path.normpath("%s/etc/crypttab" % instPath) > crypttab = self.crypttab() > open(crypttab_path, "w").write(crypttab) > + os.chmod(crypttab_path, 0600) > > # /etc/mdadm.conf > mdadm_path = os.path.normpath("%s/etc/mdadm.conf" % instPath) > -- > 1.7.4.1 Under normal installer conditions this works fine, but if the storage module ends up being used by something outside anaconda there is a race condition for access to the file. It would probably be safer to do: origmask = os.umask(0077) open(crypttab_path, "w").write(crypttab) os.umask(origmask) so that the file never exists with world readable permissions. -- Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
Attachment:
pgpYgABeoLtVN.pgp
Description: PGP signature
_______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list