From f22b62c1a44911ead3c259d6d898f6686805901e Mon Sep 17 00:00:00 2001
From: David Fries <David@Fries.net>
Date: Fri, 31 Oct 2014 17:28:45 -0500
Subject: [PATCH] limit create file permissions

Be safe by default, create files so that other users can't read them,
at least until the original permissions are set.
---
 CHANGES           | 1 +
 attic/archiver.py | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 40ba180ab..7aa02b15c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,7 @@ Version 0.14
 - Add MacPorts' path to the default openssl search path (#101)
 - HashIndex improvements, eliminates unnecessary IO on low memory systems.
 - Fix "Number of files" output for attic info. (#124)
+- limit create file permissions so files aren't read while restoring
 
 Version 0.13
 ------------
diff --git a/attic/archiver.py b/attic/archiver.py
index a1a318361..47650c2d4 100644
--- a/attic/archiver.py
+++ b/attic/archiver.py
@@ -186,6 +186,8 @@ Type "Yes I am sure" if you understand this and want to continue.\n""")
 
     def do_extract(self, args):
         """Extract archive contents"""
+        # be restrictive when restoring files, restore permissions later
+        os.umask(0o077)
         repository = self.open_repository(args.archive)
         manifest, key = Manifest.load(repository)
         archive = Archive(repository, key, manifest, args.archive.archive,