[Checkins] SVN: cipher.googlepam/trunk/ Set umask to avoid world-readable log and cache files.
Marius Gedminas
cvs-admin at zope.org
Mon Oct 8 12:20:48 UTC 2012
Log message for revision 127933:
Set umask to avoid world-readable log and cache files.
Changed:
U cipher.googlepam/trunk/CHANGES.txt
U cipher.googlepam/trunk/src/cipher/googlepam/pam_google.py
-=-
Modified: cipher.googlepam/trunk/CHANGES.txt
===================================================================
--- cipher.googlepam/trunk/CHANGES.txt 2012-10-08 12:20:39 UTC (rev 127932)
+++ cipher.googlepam/trunk/CHANGES.txt 2012-10-08 12:20:44 UTC (rev 127933)
@@ -4,6 +4,8 @@
1.4.0 (unreleased)
------------------
+- Set umask to avoid world-readable log and cache files.
+
- Add a space after the PAM prompt.
- The add-google-users script now reads the pam_google config file to get the
Modified: cipher.googlepam/trunk/src/cipher/googlepam/pam_google.py
===================================================================
--- cipher.googlepam/trunk/src/cipher/googlepam/pam_google.py 2012-10-08 12:20:39 UTC (rev 127932)
+++ cipher.googlepam/trunk/src/cipher/googlepam/pam_google.py 2012-10-08 12:20:44 UTC (rev 127933)
@@ -170,6 +170,8 @@
self.config.read(self.options.config_file)
if self.config.has_option(SECTION_NAME, 'prompt'):
self.password_prompt = self.config.get(SECTION_NAME, 'prompt')
+ # no world-readable log and cache files please
+ os.umask(0o077)
logging.config.fileConfig(
self.options.config_file, disable_existing_loggers=False)
if self.config.has_option(SECTION_NAME, 'cache'):
More information about the checkins
mailing list