Re: [PATCH master f15-branch] crypttab should not be world-readable (#692254).

On Wed, Mar 30, 2011 at 04:27:06PM -0400, Chris Lumens wrote:
> ---
>  pyanaconda/storage/__init__.py |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/pyanaconda/storage/__init__.py b/pyanaconda/storage/__init__.py
> index 472627c..90bc2b0 100644
> --- a/pyanaconda/storage/__init__.py
> +++ b/pyanaconda/storage/__init__.py
> @@ -2239,6 +2239,7 @@ class FSSet(object):
>          crypttab_path = os.path.normpath("%s/etc/crypttab" % instPath)
>          crypttab = self.crypttab()
>          open(crypttab_path, "w").write(crypttab)
> +        os.chmod(crypttab_path, 0600)
>  
>          # /etc/mdadm.conf
>          mdadm_path = os.path.normpath("%s/etc/mdadm.conf" % instPath)
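
Review bot: At the added `os.chmod(crypttab_path, 0600)`, the mode is tightened only after `open(crypttab_path, "w").write(crypttab)` has already created the file and written its contents, so a newly created crypttab carries whatever mode the process umask allows until the chmod runs. Create the file with the restrictive mode from the start (for example `os.open` with `O_CREAT` and mode 0600, wrapped by `os.fdopen`) and keep the chmod only to tighten a crypttab that already existed. The file object returned by `open(...)` is also never closed explicitly, so the flush depends on the object being collected; a `with` block or an explicit `close()` would make it deterministic.
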
> -- 
> 1.7.4.1

Under normal installer conditions this works fine, but if the storage
module ends up being used by something outside anaconda there is a race
condition for access to the file. It would probably be safer to do:

origmask = os.umask(0077)
open(crypttab_path, "w").write(crypttab)
os.umask(origmask)

so that the file never exists with world readable permissions.

-- 
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
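
The window described in the reply above can be measured directly. This is an added example, not code from the thread or from anaconda: it is Python 3 (so modes are written 0o600 rather than 0600), it closes the window with a mkstemp-and-rename technique rather than the umask change suggested in the reply, and the function names, file names and sample crypttab line are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample line; the UUID and key path are placeholders.
SAMPLE = "luks-home UUID=00000000-0000-0000-0000-000000000000 /root/home.key\n"

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def write_then_chmod(path, data):
    """Order used in the patch. Returns the mode the file had while it
    already held the data, i.e. what another local process could see."""
    with open(path, "w") as f:
        f.write(data)
    exposed = mode_of(path)          # 0666 & ~umask for a newly created file
    os.chmod(path, 0o600)
    return exposed

def write_private(path, data):
    """Write to a 0600 temp file in the same directory, then rename over path.
    Returns the temp file's mode at the moment the data was written."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".crypttab.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            exposed = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        os.replace(tmp, path)        # atomic; a wider-mode old file is discarded
    except BaseException:
        os.unlink(tmp)
        raise
    return exposed

def demo():
    old = os.umask(0o022)            # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            a, b = os.path.join(d, "a"), os.path.join(d, "b")
            with open(b, "w"):       # pre-existing file, created 0644
                pass
            return (write_then_chmod(a, SAMPLE), mode_of(a),
                    write_private(b, SAMPLE), mode_of(b))
    finally:
        os.umask(old)

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

Both files end up 0600; only the first was readable by other users while it held the data.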


_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
