On Wed, Mar 30, 2011 at 04:27:06PM -0400, Chris Lumens wrote:
> ---
> pyanaconda/storage/__init__.py | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/pyanaconda/storage/__init__.py b/pyanaconda/storage/__init__.py
> index 472627c..90bc2b0 100644
> --- a/pyanaconda/storage/__init__.py
> +++ b/pyanaconda/storage/__init__.py
> @@ -2239,6 +2239,7 @@ class FSSet(object):
> crypttab_path = os.path.normpath("%s/etc/crypttab" % instPath)
> crypttab = self.crypttab()
> open(crypttab_path, "w").write(crypttab)
> + os.chmod(crypttab_path, 0600)
>
> # /etc/mdadm.conf
> mdadm_path = os.path.normpath("%s/etc/mdadm.conf" % instPath)
> --
> 1.7.4.1
Under normal installer conditions this works fine, but if the storage
module ends up being used by something outside anaconda there is a race
condition for access to the file. It would probably be safer to do:
origmask = os.umask(0077)
open(crypttab_path, "w").write(crypttab)
os.umask(origmask)
so that the file never exists with world readable permissions.
--
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
Attachment:
pgpYgABeoLtVN.pgp
Description: PGP signature
_______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
