Merge "Remove unsafe umask usage"
commit
f6aa3dbe69
|
@ -1589,7 +1589,6 @@ class AgentManager(service.PeriodicService):
|
|||
else:
|
||||
f_content = file_content
|
||||
|
||||
os.umask(0)
|
||||
if f_content is not None:
|
||||
with os.fdopen(os.open(file_name, os.O_CREAT | os.O_WRONLY,
|
||||
permissions), 'wb') as f:
|
||||
|
|
|
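Review bot: The mode passed to `os.open(file_name, os.O_CREAT | os.O_WRONLY, permissions)` is applied only when the file is created, and the process umask can still clear bits from it, so with `os.umask(0)` gone (taking that as the removed line, per the commit title) the file is not guaranteed to end up with exactly `permissions`. A `file_name` that already exists keeps whatever mode it had before. If the exact mode matters, set it on the descriptor as the first statement inside the `with` block: `os.fchmod(f.fileno(), permissions)`. The enclosing method starts and ends outside this hunk, so a later chmod elsewhere in it would not be visible from here.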
@ -8,6 +8,7 @@ import os
|
|||
import pecan
|
||||
from pecan import rest
|
||||
import shutil
|
||||
import stat
|
||||
import tempfile
|
||||
import wsme
|
||||
from wsme import types as wtypes
|
||||
|
@ -35,12 +36,11 @@ LOG = log.getLogger(__name__)
|
|||
@contextmanager
|
||||
def TempDirectory():
|
||||
tmpdir = tempfile.mkdtemp()
|
||||
saved_umask = os.umask(0o077)
|
||||
os.chmod(tmpdir, stat.S_IRWXU)
|
||||
try:
|
||||
yield tmpdir
|
||||
finally:
|
||||
LOG.debug("Cleaning up temp directory %s" % tmpdir)
|
||||
os.umask(saved_umask)
|
||||
shutil.rmtree(tmpdir)
|
||||
|
||||
|
||||
|
|
|
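Review bot: Files created inside the directory during the `with` block no longer get a restrictive default mode, assuming the two `os.umask` lines in `TempDirectory` are the removed ones; they are now protected only by the 0700 mode on `tmpdir` itself. That holds while the files stay in place, but a caller that moves or copies one out with its mode preserved would carry along whatever the process umask allowed. This is worth a docstring on `TempDirectory`, e.g. `"""Yield a private (0700) temp directory; files created inside use the process umask."""`. `tempfile.mkdtemp()` already creates the directory accessible only to the creating user, so `os.chmod(tmpdir, stat.S_IRWXU)` is a second safeguard rather than the thing providing the protection.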
@ -7,6 +7,7 @@
|
|||
from eventlet.green import subprocess
|
||||
import os
|
||||
import shutil
|
||||
import stat
|
||||
from grp import getgrnam
|
||||
from pwd import getpwnam
|
||||
|
||||
|
@ -74,11 +75,6 @@ class FernetOperator(object):
|
|||
"""Create a tmp key file."""
|
||||
|
||||
self._set_user_group()
|
||||
old_umask = os.umask(0o177)
|
||||
old_egid = os.getegid()
|
||||
old_euid = os.geteuid()
|
||||
os.setegid(self.keystone_group_id)
|
||||
os.seteuid(self.keystone_user_id)
|
||||
|
||||
temp_key_file = os.path.join(self.key_repository, str(id) + '.tmp')
|
||||
real_key_file = os.path.join(self.key_repository, str(id))
|
||||
|
@ -88,15 +84,13 @@ class FernetOperator(object):
|
|||
f.write(key)
|
||||
f.flush()
|
||||
create = True
|
||||
os.chmod(temp_key_file, stat.S_IRUSR | stat.S_IWUSR)
|
||||
os.chown(temp_key_file, self.keystone_user_id, self.keystone_group_id)
|
||||
except IOError:
|
||||
LOG.error('Failed to create new temporary key: %s' %
|
||||
temp_key_file)
|
||||
raise
|
||||
finally:
|
||||
# restore the umask, user and group identifiers
|
||||
os.umask(old_umask)
|
||||
os.seteuid(old_euid)
|
||||
os.setegid(old_egid)
|
||||
if not create and os.access(temp_key_file, os.F_OK):
|
||||
os.remove(temp_key_file)
|
||||
return False
|
||||
|
|
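Review bot: The key is written and flushed before `os.chmod(temp_key_file, stat.S_IRUSR | stat.S_IWUSR)` runs, so with the `os.umask(0o177)` and `seteuid`/`setegid` lines gone (taking those as the removed side) the temp key file exists for a while with the process-default mode and owner. The call that opens the file lies between the two hunks and is not visible, so this is inferred; if it is a plain `open()`, creating the descriptor with its final mode and ownership before writing closes that window: `fd = os.open(temp_key_file, os.O_CREAT | os.O_EXCL | os.O_WRONLY, stat.S_IRUSR | stat.S_IWUSR)` followed by `os.fchown(fd, self.keystone_user_id, self.keystone_group_id)`. Also, `create = True` is set before the chmod/chown calls, so a failure in either leaves the temp key on disk because the `if not create` cleanup after `finally:` is skipped.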