From: Elrond Date: Fri, 22 Mar 2013 18:12:55 +0000 (+0100) Subject: Improve fs security for itsdangerous secret. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=bb530c44450b88c3584f4e50119857599e5a5f40;p=mediagoblin.git Improve fs security for itsdangerous secret. Set mode 700 on the directory, mode 600 on the file. --- diff --git a/mediagoblin/tools/crypto.py b/mediagoblin/tools/crypto.py index 3294f135..0fb2ba2e 100644 --- a/mediagoblin/tools/crypto.py +++ b/mediagoblin/tools/crypto.py @@ -38,14 +38,18 @@ def setup_crypto(): global __itsda_secret dir = mg_globals.app_config["crypto_path"] if not os.path.isdir(dir): - _log.info("Creating %s", dir) os.makedirs(dir) + os.chmod(dir, 0700) + _log.info("Created %s", dir) name = os.path.join(dir, "itsdangeroussecret.bin") if os.path.exists(name): __itsda_secret = file(name, "r").read() else: __itsda_secret = str(getrandbits(192)) - file(name, "w").write(__itsda_secret) + f = file(name, "w") + f.write(__itsda_secret) + f.close() + os.chmod(name, 0600) _log.info("Created %s", name)