From f22b62c1a44911ead3c259d6d898f6686805901e Mon Sep 17 00:00:00 2001 From: David Fries Date: Fri, 31 Oct 2014 17:28:45 -0500 Subject: [PATCH] limit create file permissions Be safe by default, create files so that other users can't read them, at least until the original permissions are set. --- CHANGES | 1 + attic/archiver.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 40ba180ab..7aa02b15c 100644 --- a/CHANGES +++ b/CHANGES @@ -13,6 +13,7 @@ Version 0.14 - Add MacPorts' path to the default openssl search path (#101) - HashIndex improvements, eliminates unnecessary IO on low memory systems. - Fix "Number of files" output for attic info. (#124) +- limit create file permissions so files aren't read while restoring Version 0.13 ------------ diff --git a/attic/archiver.py b/attic/archiver.py index a1a318361..47650c2d4 100644 --- a/attic/archiver.py +++ b/attic/archiver.py @@ -186,6 +186,8 @@ Type "Yes I am sure" if you understand this and want to continue.\n""") def do_extract(self, args): """Extract archive contents""" + # be restrictive when restoring files, restore permissions later + os.umask(0o077) repository = self.open_repository(args.archive) manifest, key = Manifest.load(repository) archive = Archive(repository, key, manifest, args.archive.archive,