From: Ben Pfaff <blp@nicira.com>
Date: Tue, 12 Jul 2011 16:38:12 +0000 (-0700)
Subject: ovs-bugtool: Turn off "group" and "other" permissions for generated files.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=204f61fb1a0d30fe023001d4527554721e493065;p=openvswitch

ovs-bugtool: Turn off "group" and "other" permissions for generated files.

ovs-bugtool's output is potentially sensitive, so it seems best not to
allow anyone but the owner to read it.  This commit disables "group" and
"other" bits in the Unix ACL.
---

diff --git a/utilities/ovs-bugtool b/utilities/ovs-bugtool
index 4f0038e4..61cc3ca6 100755
--- a/utilities/ovs-bugtool
+++ b/utilities/ovs-bugtool
@@ -898,7 +898,9 @@ def make_tar(subdir, suffix, output_fd, output_file):
             filename = "%s/%s.%s" % (BUG_DIR, subdir, suffix)
         else:
             filename = output_file
+        old_umask = os.umask(0077)
         tf = tarfile.open(filename, mode)
+        os.umask(old_umask)
     else:
         tf = tarfile.open(None, 'w', os.fdopen(output_fd, 'a'))
 
@@ -939,7 +941,9 @@ def make_zip(subdir, output_file):
         filename = "%s/%s.zip" % (BUG_DIR, subdir)
     else:
         filename = output_file
+    old_umask = os.umask(0077)
     zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)
+    os.umask(old_umask)
 
     try:
         for (k, v) in data.items():