saveconfig: open the temp configfile with modes set

Fixes: open-iscsi#161 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
pkalever · May 28, 2020 · dffcf83 · dffcf83
1 parent 7f791a6
commit dffcf83
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/rtslib/root.py b/rtslib/root.py
@@ -461,8 +461,25 @@ def save_to_file(self, save_file=None, so_path=None):
 
         tmp_file = save_file + ".temp"
 
-        with open(tmp_file, "w+") as f:
-            os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)
+        mode = stat.S_IRUSR | stat.S_IWUSR  # 0o600
+        umask = 0o777 ^ mode  # Prevents always downgrading umask to 0
+
+        # For security, remove file with potentially elevated mode
+        try:
+            os.remove(tmp_file)
+        except OSError:
+            pass
+
+        umask_original = os.umask(umask)
+        # Even though the old file is first deleted, a race condition is still
+        # possible. Including os.O_EXCL with os.O_CREAT in the flags will
+        # prevent the file from being created if it exists due to a race
+        try:
+            fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
+        finally:
+            os.umask(umask_original)
+
+        with os.fdopen(fdesc, 'w+') as f:
             f.write(json.dumps(saveconf, sort_keys=True, indent=2))
             f.write("\n")
             f.flush()