Merge "Remove unsafe umask usage"

2021-03-12 20:50:34 +00:00 · 2021-03-12 20:50:34 +00:00 · f6aa3dbe69
parent e3a97fc267 cc27551a8e
commit f6aa3dbe69
3 changed files with 5 additions and 12 deletions
--- a/sysinv/sysinv/sysinv/sysinv/agent/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/agent/manager.py
@ -1589,7 +1589,6 @@ class AgentManager(service.PeriodicService):
                else:
                    f_content = file_content

-                os.umask(0)
                if f_content is not None:
                    with os.fdopen(os.open(file_name, os.O_CREAT | os.O_WRONLY,
                               permissions), 'wb') as f:
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_app.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_app.py
@ -8,6 +8,7 @@ import os
 import pecan
 from pecan import rest
 import shutil
+import stat
 import tempfile
 import wsme
 from wsme import types as wtypes
@ -35,12 +36,11 @@ LOG = log.getLogger(__name__)
@contextmanager
 def TempDirectory():
    tmpdir = tempfile.mkdtemp()
-    saved_umask = os.umask(0o077)
+    os.chmod(tmpdir, stat.S_IRWXU)
    try:
        yield tmpdir
    finally:
        LOG.debug("Cleaning up temp directory %s" % tmpdir)
-        os.umask(saved_umask)
        shutil.rmtree(tmpdir)


--- a/sysinv/sysinv/sysinv/sysinv/common/fernet.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/fernet.py
@ -7,6 +7,7 @@
 from eventlet.green import subprocess
 import os
 import shutil
+import stat
 from grp import getgrnam
 from pwd import getpwnam

@ -74,11 +75,6 @@ class FernetOperator(object):
        """Create a tmp key file."""

        self._set_user_group()
-        old_umask = os.umask(0o177)
-        old_egid = os.getegid()
-        old_euid = os.geteuid()
-        os.setegid(self.keystone_group_id)
-        os.seteuid(self.keystone_user_id)

        temp_key_file = os.path.join(self.key_repository, str(id) + '.tmp')
        real_key_file = os.path.join(self.key_repository, str(id))
@ -88,15 +84,13 @@ class FernetOperator(object):
                f.write(key)
                f.flush()
                create = True
+            os.chmod(temp_key_file, stat.S_IRUSR | stat.S_IWUSR)
+            os.chown(temp_key_file, self.keystone_user_id, self.keystone_group_id)
        except IOError:
            LOG.error('Failed to create new temporary key: %s' %
                        temp_key_file)
            raise
        finally:
-            # restore the umask, user and group identifiers
-            os.umask(old_umask)
-            os.seteuid(old_euid)
-            os.setegid(old_egid)
            if not create and os.access(temp_key_file, os.F_OK):
                os.remove(temp_key_file)
                return False