From 204f61fb1a0d30fe023001d4527554721e493065 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Tue, 12 Jul 2011 09:38:12 -0700
Subject: [PATCH] ovs-bugtool: Turn off "group" and "other" permissions for generated files.
ovs-bugtool's output is potentially sensitive, so it seems best not to allow anyone but the owner to read it. This commit disables "group" and "other" bits in the Unix ACL.
---
 utilities/ovs-bugtool | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/utilities/ovs-bugtool b/utilities/ovs-bugtool
index 4f0038e4..61cc3ca6 100755
--- a/utilities/ovs-bugtool
+++ b/utilities/ovs-bugtool
@@ -898,7 +898,9 @@ def make_tar(subdir, suffix, output_fd, output_file):
 filename = "%s/%s.%s" % (BUG_DIR, subdir, suffix)
 else:
 filename = output_file
+ old_umask = os.umask(0077)
 tf = tarfile.open(filename, mode)
+ os.umask(old_umask)
 else:
 tf = tarfile.open(None, 'w', os.fdopen(output_fd, 'a'))
@@ -939,7 +941,9 @@ def make_zip(subdir, output_file):
 filename = "%s/%s.zip" % (BUG_DIR, subdir)
 else:
 filename = output_file
+ old_umask = os.umask(0077)
 zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)
+ os.umask(old_umask)
 try:
 for (k, v) in data.items():
-- 
2.30.2
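Review bot: The umask only governs the mode of a file that `tarfile.open(filename, mode)` newly creates; if `filename` (which may be the caller-supplied `output_file`) already exists, it is truncated and keeps its previous permission bits, so the archive can still end up group- or world-readable. Following the open with an explicit `os.chmod(filename, 0600)` would cover that case, and the same applies to the `zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)` call in make_zip. In both hunks the process umask also stays at 0077 if the open raises, so the restore would be safer in a `finally:` clause around the open, i.e. `try: tf = tarfile.open(filename, mode)` followed by `finally: os.umask(old_umask)`. Both function bodies start and end outside the hunks, so any later handling of the file mode is not visible here.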