diff options
author | Zac Medico <zmedico@gentoo.org> | 2011-01-19 11:02:30 -0800 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2011-01-19 11:02:30 -0800 |
commit | ecbdd241f7e8e28f1057781c4ac2013e8d476288 (patch) | |
tree | 20e946ce088b87ec1c72353d535a0e23318482d6 /pym | |
parent | 24dc36eb980ea9d392cb5f47ffa859b454db03c5 (diff) | |
download | portage-ecbdd241f7e8e28f1057781c4ac2013e8d476288.tar.gz portage-ecbdd241f7e8e28f1057781c4ac2013e8d476288.tar.bz2 portage-ecbdd241f7e8e28f1057781c4ac2013e8d476288.zip |
dispatch-conf: restrict default archive-dir permsv2.2.0_alpha18
Also, add warnings about rcs and ci behavior in dispatch-conf.conf and
dispatch-conf.1. This will fix bug #315603.
Diffstat (limited to 'pym')
-rw-r--r-- | pym/portage/dispatch_conf.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/pym/portage/dispatch_conf.py b/pym/portage/dispatch_conf.py index 5724d9169..228638c01 100644 --- a/pym/portage/dispatch_conf.py +++ b/pym/portage/dispatch_conf.py @@ -1,5 +1,5 @@ # archive_conf.py -- functionality common to archive-conf and dispatch-conf -# Copyright 2003-2004 Gentoo Foundation +# Copyright 2003-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 @@ -64,6 +64,9 @@ def read_config(mandatory_opts): if not os.path.exists(opts['archive-dir']): os.mkdir(opts['archive-dir']) + # Use restrictive permissions by default, in order to protect + # against vulnerabilities (like bug #315603 involving rcs). + os.chmod(opts['archive-dir'], 0o700) elif not os.path.isdir(opts['archive-dir']): print(_('dispatch-conf: Config archive dir [%s] must exist; fatal') % (opts['archive-dir'],), file=sys.stderr) sys.exit(1) |