Description: set appropriate file permissions on database file.
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions
Bug-Debian: http://bugs.debian.org/696736
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
Forwarded: yes
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-01-06

--- a/keyring/backend.py
+++ b/keyring/backend.py
@@ -6,6 +6,7 @@
 
 import getpass
 import os
+import stat
 import sys
 import ConfigParser
 import base64
@@ -348,6 +349,7 @@
         storage_root = os.path.dirname(self.file_path)
         if storage_root and not os.path.isdir(storage_root):
             os.makedirs(storage_root)
+        os.chmod(storage_root, stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
 
 
 class UncryptedFileKeyring(BasicFileKeyring):
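Review bot: The added `os.chmod(storage_root, ...)` sits outside the `if storage_root and ...` guard, so when `file_path` has no directory component `storage_root` is `''` and the call raises OSError. A guard keeps the tightening for pre-existing directories while skipping the empty case: `if storage_root: os.chmod(storage_root, stat.S_IRWXU)`. The directory is also created with the default mode and only narrowed afterwards, which leaves a short window in which it is accessible under the process umask; passing a restrictive mode to `os.makedirs` as well would shrink that window. The same create-then-chmod ordering appears in the `relocate_file` hunk in keyring/util/loc_compat.py. The enclosing method starts outside this hunk.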
--- a/keyring/util/loc_compat.py
+++ b/keyring/util/loc_compat.py
@@ -1,5 +1,6 @@
 import os
 import shutil
+import stat
 import sys
 
 def relocate_file(old_location, new_location):
@@ -24,4 +25,6 @@
     # ensure the storage path exists
     if not os.path.isdir(os.path.dirname(new_location)):
         os.makedirs(os.path.dirname(new_location))
+    os.chmod(os.path.dirname(new_location),
+        stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
     shutil.move(old_location, new_location)
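Review bot: Only the parent directory is tightened here; the moved file keeps whatever mode bits it had at `old_location`, because `shutil.move` either renames it or copies it with its metadata. If the old file was created group- or world-readable (not visible in this hunk), it stays that way and is protected only by the directory mode. Consider following the move with `os.chmod(new_location, stat.S_IREAD | stat.S_IWRITE)`. The start of `relocate_file`'s body is outside this hunk.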
--- a/keyring/tests/test_backend.py
+++ b/keyring/tests/test_backend.py
@@ -336,7 +336,8 @@
     def setUp(self):
         super(FileKeyringTests, self).setUp()
         self.keyring = self.init_keyring()
-        self.keyring.file_path = self.tmp_keyring_file = tempfile.mktemp()
+        self.keyring.file_path = self.tmp_keyring_file = os.path.join(
+            tempfile.mkdtemp(), "test_pass.cfg")
 
     def tearDown(self):
         try:
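Review bot: Nothing in this hunk checks the permission change, and `tempfile.mkdtemp()` already creates its directory with mode 0700, so the new `os.chmod` has no observable effect in these tests. A regression test could loosen the directory first, store a password, and then assert `stat.S_IMODE(os.stat(os.path.dirname(self.tmp_keyring_file)).st_mode) == 0700`. The `tearDown` body continues outside the hunk, so it is not visible whether the new temporary directory is removed; if only the file is unlinked, each test leaves a directory behind.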
