Improve fs security for itsdangerous secret.

author Elrond <elrond+mediagoblin.org@samba-tng.org>

Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)

committer Elrond <elrond+mediagoblin.org@samba-tng.org>

Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)
author Elrond <elrond+mediagoblin.org@samba-tng.org>
Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)
committer Elrond <elrond+mediagoblin.org@samba-tng.org>
Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)
diff --git a/mediagoblin/tools/crypto.py b/mediagoblin/tools/crypto.py

index 3294f135b7c171fb37fa3a5e2fae1c453af2544f..0fb2ba2ee31e954ed5bdd9ea23ae79ec2a8d0fc5 100644 (file)
--- a/mediagoblin/tools/crypto.py
+++ b/mediagoblin/tools/crypto.py
@@ -38,14 +38,18 @@ def setup_crypto():
      global __itsda_secret
      dir = mg_globals.app_config["crypto_path"]
      if not os.path.isdir(dir):
-        _log.info("Creating %s", dir)
          os.makedirs(dir)
+        os.chmod(dir, 0700)
+        _log.info("Created %s", dir)
      name = os.path.join(dir, "itsdangeroussecret.bin")
      if os.path.exists(name):
          __itsda_secret = file(name, "r").read()
      else:
          __itsda_secret = str(getrandbits(192))
-        file(name, "w").write(__itsda_secret)
+        f = file(name, "w")
+        f.write(__itsda_secret)
+        f.close()
+        os.chmod(name, 0600)
          _log.info("Created %s", name)
author	Elrond <elrond+mediagoblin.org@samba-tng.org>
	Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)
committer	Elrond <elrond+mediagoblin.org@samba-tng.org>
	Fri, 22 Mar 2013 18:12:55 +0000 (19:12 +0100)