1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
Description: set appropriate file permissions on database file.
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions
Bug-Debian: http://bugs.debian.org/696736
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
Forwarded: yes
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-01-06
--- a/keyring/backend.py
+++ b/keyring/backend.py
@@ -6,6 +6,7 @@
import getpass
import os
+import stat
import sys
import ConfigParser
import base64
@@ -348,6 +349,7 @@
storage_root = os.path.dirname(self.file_path)
if storage_root and not os.path.isdir(storage_root):
os.makedirs(storage_root)
+ os.chmod(storage_root, stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
class UncryptedFileKeyring(BasicFileKeyring):
--- a/keyring/util/loc_compat.py
+++ b/keyring/util/loc_compat.py
@@ -1,5 +1,6 @@
import os
import shutil
+import stat
import sys
def relocate_file(old_location, new_location):
@@ -24,4 +25,6 @@
# ensure the storage path exists
if not os.path.isdir(os.path.dirname(new_location)):
os.makedirs(os.path.dirname(new_location))
+ os.chmod(os.path.dirname(new_location),
+ stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
shutil.move(old_location, new_location)
--- a/keyring/tests/test_backend.py
+++ b/keyring/tests/test_backend.py
@@ -336,7 +336,8 @@
def setUp(self):
super(FileKeyringTests, self).setUp()
self.keyring = self.init_keyring()
- self.keyring.file_path = self.tmp_keyring_file = tempfile.mktemp()
+ self.keyring.file_path = self.tmp_keyring_file = os.path.join(
+ tempfile.mkdtemp(), "test_pass.cfg")
def tearDown(self):
try:
|
